[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldaps and Active Directory

To: Michael Ströder <michael@stroeder.com>, Grant Sturgis <gesturgis@hotmail.com>
Subject: Re: ldaps and Active Directory
From: Shuh Chang <schang@axalto.com>
Date: Fri, 09 Dec 2005 10:28:25 -0600
Cc: OpenLDAP-software@OpenLDAP.org
References: <BAY106-F31B3550EE7DC3EF8F5DA21B0420@phx.gbl> <43993B57.506@stroeder.com>

Did you also properly chmod to these two files, if necessary?

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem


Shuh

----- Original Message ----- From: "Michael Ströder" <michael@stroeder.com> To: "Grant Sturgis" <gesturgis@hotmail.com> Cc: <OpenLDAP-software@OpenLDAP.org> Sent: Friday, December 09, 2005 2:07 AM Subject: Re: ldaps and Active Directory

Grant Sturgis wrote:


ldap_bind: Can't contact LDAP server (-1)
       additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


I have installed Certificate Services on the W2K domain controller and
exported the CA Cert and copied the file to the linux
box:/etc/openldap/cacerts.  In /etc/openldap/ldap.conf I have tried:

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem


Which OpenLDAP version are you using?
There have been fixes to SSL configuration in 2.3.12.

Ciao, Michael.

References:
- ldaps and Active Directory
  - From: "Grant Sturgis" <gesturgis@hotmail.com>
- Re: ldaps and Active Directory
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: BDB Database problem
Next by Date: Problems with simple LDAP authentication
Index(es):
- Chronological
- Thread