Re: openldap 2.1.3 problems

[<alexlam@msolutions.com.hk>]

Hi,

I've got the same problem.
But it seems related to the "ldapsearch".
When I use the ldapsearch with version 2.0.23, it can provide TLS connection
to slapd server with 2.1.3.
Is it a bug with the ldapsearch with version 2.1.3?

Thanks,
Alex Lam
----- Original Message -----
From: "Hardi Gunawan" <hardigunawan@inbox.lv>
To: <openldap-software@OpenLDAP.org>
Sent: Saturday, August 03, 2002 8:29 AM
Subject: openldap 2.1.3 problems


> Hi
>
> I've some problem moving from openldap 2.0.23 to 2.1.3.
>
> 1)  I can't connect using TLS anymore (It works when I downgrade to
2.0.23)
>
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:985
>
> Seems that quite a number of people are having the same problems.
>
> 2) Could someone point me to the documentation on structural
objectclasses?  I
> realized that samba and inetorgperson can't go together.  So I need to
know
> what I should do.  There are some explanation in the mailing list about
this,
> but due to being new to openldap, I don't quite understand.  Here's a
quote
> from the mailing list:
>
> --------------------------------------------------------------
> Actually, objects can list multiple STRUCTURAL classes
> in objectClass as long as they as there is one which
> is superior to all the others.
>
> For example, an object which lists person, organizationalPerson
> and inetOrgPerson is valid as inetOrgPerson is superior
> to both person and organizationalPerson.
>
> As a counter example, it is improper for an object to list
> inetOrgPerson and pilotPerson as neither is in the others
> superclass chain.  If you desire to have an object belong
> to both inetOrgPerson and pilotPerson, you can create a
> class which is superior to both (e.g. OpenLDAPperson).
>
> This all per RFC 2251 and X.501(93).
>
> Kurt
> --------------------------------------------------------------
>
>
>