[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap+ssl+Active directory

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, Andreas <andreas@conectiva.com.br>, Howard Chu <hyc@symas.com>
Subject: Re: ldap+ssl+Active directory
From: Ainhoa Prat <a_prat@monesa.es>
Date: Tue, 06 Jul 2004 09:25:43 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <6.0.0.22.2.20040706084935.01af0c80@192.168.3.200>
References: <6.0.0.22.2.20040705095837.01d36b78@192.168.3.200> <6.0.1.1.0.20040705102829.02c8de58@127.0.0.1> <20040705174713.GE9590@conectiva.com.br> <6.0.1.1.0.20040705111001.048b8bf8@127.0.0.1> <6.0.0.22.2.20040706084935.01af0c80@192.168.3.200>

The exact error when I do ldapsearch -Hldaps://ladpserver -x is:

ldap-bind: can't contact ldapserver(81)
  additional info: error 14090086 : SSL routines: 
SSL3_GET_SERVER_CERTIFICATE: cretificate certify failed.

When I do :
openssl s_cleint -connect ldapserver:636 -showcerts

CONNECTED(00000003)
depth=0 /CN=ldapserver
verify error:num27:certificate not trusted
verify return:1
depth=0 /CN_ldapserver
verify error: num=21:unable to verify the first cretificate
verify return :1



At 08:59 06/07/2004, Ainhoa Prat wrote:
>Hi,
>
>I'm using Yast to configure ldap, in the ldap client, I pick the option: 
>'ldap tls/ssl'. then /etc/ldap.conf has the next line:
>
># OpenLDAP SSL mechanism
># start_tls mechanism uses the normal LDAP port, LDAPS typically 636
>ssl     start_tls
>nss_base_passwd dc=monesa,dc=es
>nss_base_shadow dc=monesa,dc=es
>nss_base_group  dc=monesa,dc=es
>
>I think the configuration is OK, but I don't know how suse import the 
>w2k'certificate, or if I need to create a certificate to suse. I've 
>installed Microsoft Certification Authority, to enable ldap over ssl in 
>w2k. In suse I only set this option (ssl start tls), then I don't know if 
>I need to do nothing else.
>
>
>
>
>
>At 20:17 05/07/2004, Kurt D. Zeilenga wrote:
>>At 10:47 AM 7/5/2004, Andreas wrote:
>> >On Mon, Jul 05, 2004 at 10:34:32AM -0700, Kurt D. Zeilenga wrote:
>> >> At 01:09 AM 7/5/2004, Ainhoa Prat wrote:
>> >> >I'm having problems using ldap with ssl against windows 2000 AD. I 
>> have Suse 9 as ldap client and w2k as ldap server. I set use ssl in ldap.conf,
>> >>
>> >> Not sure what you mean by "set use ssl in ldap.conf"... but if you
>> >> mean you set 'use ssl' in ldap.conf, I note that OpenLDAP ldap.conf(5)
>> >> has no 'use ssl' directive.  You might be confusing directives for
>> >> some other ldap.conf file with OpenLDAP's ldap.conf(5).
>> >
>> >SuSE mixes nss_ldap and pam_ldap's ldap.conf (from PADL software) with
>> >openldap's ldap.conf.
>>
>>If so, that's ill-advised.
>>
>>Regardless, "use ssl" is not, as I said above, an OpenLDAP
>>ldap.conf(5) directive and hence will be ignored by OpenLDAP
>>command lines tools such as ldapsearch(1).
>>
>>Kurt

Follow-Ups:
- Re: ldap+ssl+Active directory
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- ldap+ssl+Active directory
  - From: Ainhoa Prat <a_prat@monesa.es>
- Re: ldap+ssl+Active directory
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ldap+ssl+Active directory
  - From: Andreas <andreas@conectiva.com.br>
- Re: ldap+ssl+Active directory
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ldap+ssl+Active directory
  - From: Ainhoa Prat <a_prat@monesa.es>

Prev by Date: Re: ldap+ssl+Active directory
Next by Date: Re: ldap+ssl+Active directory
Index(es):
- Chronological
- Thread