[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP client test program connecting to LDAP server over SSL failed



Thank you so much, Ven, for your reply.

 

I have some questions.

 

-- create an environment variable LDAPCONF

<DAISY>:  Question, what value is this environment variable set to?  Does OpenSSL or OpenLDAP use this env variable?

 

-- create a file called ldap_ssl_cert_config and placed the following line in it:

TLS_CACERTDIR /etc/pki/tls

<DAISY>:  Question, in what directory should I create this file?  How is this file “ldap_ssl_cert_config” file used?  How does OpenLDAP client know what file to look for, in which directory? 

 

And /etc/pki/tls does not exist in my file system.  What is this “/etc/pki/tls” anyway?

 

-- ran my program

 

 

From: Mahadevan, Venkatasubramanian [mailto:Venkatasubramanian.Mahadevan@ubc.ca]
Sent: Tuesday, August 30, 2011 6:25 PM
To: Wu, Daisy; openldap-technical@openldap.org
Subject: RE: OpenLDAP client test program connecting to LDAP server over SSL failed

 

> It failed because of this error: ldap_sasl_bind_s: Can't contact LDAP server (-1) error:14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

 

Hi Daisy,

 

I have noticed that sometimes depending on the version of OpenSSL you are linking the LDAP libraries to, it will throw this

error. So what I did was:

-- create an environment variable LDAPCONF

-- create a file called ldap_ssl_cert_config and placed the following line in it:

TLS_CACERTDIR /etc/pki/tls

-- ran my program

 

Then it worked and I did not get the error anymore. Hope this helps.

 

cheers,

 

Ven