thanks
about " Your servers CN on the certificate must also match the hostname of the server."
is it means CN should be username of OS like Administrator, or ldap server name like "ldap.server"
gtalk:freeespeech@gmail.com
On Fri, Jul 2, 2010 at 11:24 AM, Indexer <indexer@internode.on.net> wrote:When using TLS you dont need LDAPS, you want to set your systems to ldap://ldap.server
On 02/07/2010, at 12:49 PM, owen nirvana wrote:
> I set tls options to use ldaps.
Try adding the -Z flag to turn on encryption. Your servers CN on the certificate must also match the hostname of the server.
>
> question 1:
> port 389 is opened yet when I scan the LDAP Server by nmap, but I could not
> connect it with Apache Directory Studio v1.5.3.
>
> question 2:
> Nmap tell me "server still supports SSLv2", but I set TLSCipherSuite is
> HIGH:MEDIUM:-SSLv2
>
> question 3:
> I try to import some data with ldapmodify
>
> ldapmodify -a -H ldap://mydomain.org:636 -D "cn=admin,dc=mydomain,dc=org" -x
> -w whatever -f init.ldif
> gtalk:freeespeech@gmail.com <gtalk%3Afreeespeech@gmail.com>
>
> the following is error report:
>
> ldap_start_tls : Can't Contact LDAP Server(-1)
> addition info: error: 14000092: SSL Routine: SSL3_GET_CERTFICATE:
> certificate verify failed
>
> ldap_sasl_bind(Simple): Can't Contact LDAP Server(-1)
>
>