Re: Client says Can't contact LDAP server, but it can!

[John Oliver <joliver@john-oliver.net>]

On Thu, Jul 24, 2008 at 03:14:33PM -0700, Howard Chu wrote:
> Just use -d1 on ldapsearch and you'll get the OpenSSL diagnostic messages.

Now we're getting somewhere!

It tells me:

TLS trace: SSL3 alert write:fatal:unknown CA

I'm using a self-signed certificate, and it worked just fine when this
machine was a master LDAP server.  I moved /var/lib/ldap, created a new
/var/lib/ldap, added the synrepl stuff, and started ldap  I've also
recreated my certificate a couple of different ways... I'm not sure if
this scertificate needs to be 100% unique, or if the OU in the
certificate needs to be the same as the OU in the cert on the master
server, or ???  neither worked, though.


-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************