On Wed, 2011-10-26 at 22:28 -0500, Dan White wrote:
On 26/10/11 22:53 -0400, Braden McDaniel wrote:
I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In
cn=config.ldif I have:
olcTLSCACertificatePath: /etc/pki/nssdb
olcTLSCertificateFile: endoframe
[snip]
Any ideas of what I might be doing wrong, or where I should be looking
to debug this?
slapd was not started with the proper options to listen on ldaps:/// (port
636).
Thank you. That got me this far:
# ldapsearch -H ldaps://rail -b dc=endoframe,dc=net -x -d1
ldap_url_parse_ext(ldaps://rail)
ldap_create
ldap_url_parse_ext(ldaps://rail:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP rail:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: file endoframe.pem does not end in [.0] - does not appear to be a CA certificate directory file with a properly hashed file name - skipping.
TLS: error: connect - force handshake failure: errno 0 - moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I don't understand why it's looking for a file here. My impression from
reading <http://www.openldap.org/faq/data/cache/1514.html> is that the
cert would be pulled from the database.