On 01/29/2013 01:22 AM, Chris wrote:
Hi
I am running Openldap 2.4.23 on RHEL6. I can telnet to the server
on both 389 636 ports.
I can do a ldapsearch and ldapadd without any errors. I get this
error when I start the slapd daemon.
ldap_start_tls_s() failed: Can't contact LDAP server: Transport
endpoint is not connected (uri="ldap://ldapserver")
failed to bind to LDAP server ldap://ldapserver:
Can't contact LDAP server: Transport endpoint is not connected
When I do a ldapsearch -x -d1 -Z -b 'dc=flamengro,dc=co,dc=za'
I get the following error
TLS: certificate [CA certificate details omitted
here...] is not valid - error -8172:Peer's certificate
issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 0 -
moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate
issuer has been marked as not trusted by the user..
ldap_err2string
ldap_start_tls: Connect error (-11)
ÂÂÂ additional info: TLS error -8172:Peer's certificate
issuer has been marked as not trusted by the user
"Peer's certificate issuer has been marked as not trusted by the
user" - this means the issuer (the CA) that issued the certificate
of the server (the peer) is not trusted by the user (the ldapsearch
client). This usually means you have not told ldapsearch (via
ldap.conf or .ldaprc) about the CA cert of the the CA that issued
the server cert.
Any help will be appreciated.
This is my slapd.conf file
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/corba.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/core.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/cosine.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/duaconf.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/dyngroup.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/inetorgperson.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/java.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/misc.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/nis.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/openldap.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/ppolicy.schema
includeÂÂÂÂÂÂÂÂ /etc/openldap/schema/collective.schema
allow bind_v2
pidfileÂÂÂÂÂÂÂÂ /var/run/openldap/slapd.pid
argsfileÂÂÂÂÂÂÂ /var/run/openldap/slapd.args
TLSCipherSuiteÂÂÂÂÂÂÂÂÂ HIGH
TLSCertificateFileÂÂÂÂÂ /etc/pki/tls/certs/slapdcert.pem
TLSCertificateKeyFileÂÂ /etc/pki/tls/certs/slapdkey.pem
TLSVerifyClientÂÂÂÂÂÂÂÂ never
databaseÂÂÂÂÂÂÂ bdb
suffixÂÂÂÂÂÂÂÂÂ "dc=flamengro,dc=co,dc=za"
checkpointÂÂÂÂÂ 1024 15
rootdnÂÂÂÂÂÂÂÂÂ "cn=Manager,dc=flamengro,dc=co,dc=za"
rootpwÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ secret
directoryÂÂÂÂÂÂ /var/lib/ldap/flamengro
index objectClassÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ eq,pres
index ou,cn,mail,surname,givennameÂÂÂÂÂ eq,pres,sub
index uidNumber,gidNumber,loginShellÂÂÂ eq,pres
index uid,memberUidÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ eq,pres,sub
index nisMapName,nisMapEntryÂÂÂÂÂÂÂÂÂÂÂ eq,pres,sub
database monitor
# allow only rootdn to read the monitor
access to *
ÂÂÂÂÂÂÂ by dn.exact="cn=Manager,dc=flamengro,dc=co,dc=za" read
ÂÂÂÂÂÂÂ by * none
access to attrs=userPassword,shadowLastChange
ÂÂÂÂÂÂÂ by anonymous auth
ÂÂÂÂÂÂÂ by self write
ÂÂÂÂÂÂÂ by * none
I
|