Diagnosing client problem using SSL/TLS



I've been trying to upgrade my OpenLDAP installation in order to 
resolve some problems I've been having with SASL authentication.

My current difficulties seem to stem from the OpenLDAP libraries, 
though, so I'm posting to this list rather than Cyrus-SASL.

I upgraded to OpenLDAP v2.1.5 from v2.0.23, and then to v2.1.8.

Without making any changes to configuration files, I got the 
following error (with ldapsearch):

> ldap_bind: Can't contact LDAP server (81) additional info:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed 

Checking the man page revealed new options for dealing with 
certificate verification.

I added the line: "TLS_REQCERT    allow" to 
/usr/local/etc/openldap/ldap.conf, and now I receive the following 
error:

> ldap_bind: Can't contact LDAP server (81)

The server (Netware 6 eDirectory) is working fine; I can connect 
using insecure LDAP from anywhere, and using secure LDAP from a 
different machine which still has 2.0.23 installed.

How should I go about diagnosing this?

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.