
Re: OpenLDAP 2.1.x + NSS+SSL connecting to OpenLDAP 2.0.23 = broken?



Hi,

"nate" <ldap@aphroland.org> writes:

> hello!
>
> I am trying to figure out if this is a bug or a feature.

> Running slapd in debug mode I see these messages when it tries to
> connect in SSL/TLS:
>
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:964
>
> I have Debian 3.0r1(x86/sparc), solaris 8(sparc), redhat 7.3(x86) all
> authenticating via SSL/TLS on LDAP running the same configuration:
>
> config for no-ssl:
> host 10.10.10.7
> base ou=People,o=aphroland,c=us
> uri ldap://redhat.aphroland.org:3890/
> ldap_version 3
> binddn cn=nss,o=aphroland,c=us
> bindpw MY_SUPER_SECRET_PASSWORD
> port 3890
> nss_base_passwd        ou=People,o=aphroland,c=us?one
> nss_base_group                ou=Group,o=aphroland,c=us?one

You are mixing ldap.conf for clients, using libldap, and ldap.conf for
PAM; those files are not identical.

[...]
> my ldap server is openldap 2.0.23 on redhat 7.3. I also have
> openldap 2.0.23 running on a debian 3.0r1 machine.
>
> I would expect them to be compatible. Bug? Feature?
>
> the SuSE 8.1 system has these ldap packages installed:
> openldap2-client-2.1.4-70
> nss_ldap-199-31
> pam_ldap-150-57
>
> any ideas? All LDAP clients are running the same config.

man (5) ldap.conf for openldap-2.1.4

TLS Options

-Dieter


-- 
Dieter Kluenter  | Systems consulting
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
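Dieter's point is that libldap's ldap.conf and the nss_ldap/pam_ldap ldap.conf are different files with different option sets. As an added example (not code from the thread or from OpenLDAP), here is a small checker that flags options that belong to the other file and a TLS setup with no CA configured, which is what an "unknown ca" alert points at. The option lists are an assumption taken from the respective man pages, and the sample config is constructed.

```python
# Keys understood only by the nss_ldap / pam_ldap ldap.conf (assumed list).
NSS_PAM_ONLY = {"binddn", "bindpw", "port", "ldap_version", "ssl",
                "nss_base_passwd", "nss_base_group", "tls_cacertfile",
                "tls_checkpeer"}
# Keys understood only by libldap's ldap.conf in OpenLDAP 2.1 (assumed list);
# host, base and uri are valid in both files and raise no finding.
LIBLDAP_ONLY = {"tls_cacert", "tls_cacertdir", "tls_reqcert"}

def parse_ldap_conf(text):
    """Parse 'key value' lines into {lowercase key: value}; '#' comments and blanks are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def check_ldap_conf(text, kind):
    """kind is 'libldap' or 'nss_pam'; returns a list of findings (empty if clean)."""
    conf = parse_ldap_conf(text)
    foreign = LIBLDAP_ONLY if kind == "nss_pam" else NSS_PAM_ONLY
    findings = [f"{k}: not a {kind} ldap.conf option, it belongs to the other file"
                for k in sorted(conf) if k in foreign]
    # TLS is in play if any URI is ldaps:// or nss_ldap's 'ssl' is switched on.
    uses_tls = (any(u.startswith("ldaps://") for u in conf.get("uri", "").split())
                or conf.get("ssl", "").lower() in ("yes", "on", "start_tls"))
    ca_key = "tls_cacert" if kind == "libldap" else "tls_cacertfile"
    if uses_tls and ca_key not in conf:
        findings.append(f"TLS in use but {ca_key} is unset: the client cannot verify the "
                        "server certificate, which slapd logs as 'tlsv1 alert unknown ca'")
    return findings

# Constructed sample: the poster's nss_ldap config switched to an ldaps:// URI.
SAMPLE_NSS_CONF = """\
host 10.10.10.7
base ou=People,o=aphroland,c=us
uri ldaps://redhat.aphroland.org:6360/
ldap_version 3
binddn cn=nss,o=aphroland,c=us
bindpw MY_SUPER_SECRET_PASSWORD
nss_base_passwd ou=People,o=aphroland,c=us?one
nss_base_group  ou=Group,o=aphroland,c=us?one
"""

if __name__ == "__main__":
    for kind in ("nss_pam", "libldap"):
        print(kind, check_ldap_conf(SAMPLE_NSS_CONF, kind))
```

Run against the same text as both file kinds: as nss_ldap config it only lacks a CA file, while read as a libldap ldap.conf every nss_ldap-specific key is reported as foreign.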