
RE: problem with ldapsearch/TLS ( or Fedora Core 2?? )

Looking at the last statement of the debugging output. If you were to search Google using the info "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure", you would notice that Howard has highlighted a common misunderstanding among many: TLS uses port 389, not 636:

http://www.openldap.org/lists/openldap-software/200404/msg00364.html

Could you please check if there is a port 636 statement in ldap.conf (at client or server, if you do a local test); that should be changed to "PORT 389", or delete this "PORT 636" statement to use the implied default, which is PORT 389. slapd should also be listening on port 389.

Gary

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Barrow H Kwan
Sent: Saturday, October 23, 2004 10:15 AM
To: Jeff Warnica

Sent by: owner-openldap-software@OpenLDAP.org
10/22/2004 07:50 PM
To: Barrow H Kwan
cc: OpenLdap Software List
Subject: Re: problem with ldapsearch/TLS ( or Fedora Core 2?? )

On Thu, 2004-21-10 at 19:16 -0700, Barrow H Kwan wrote:
>
> [root@myhost root]# ldapsearch -H ldap://myhost.domain.com -D uid=user1,ou=People,dc=Corporate,dc=Domain,dc=COM -x -W -ZZ
> ldap_start_tls: Connect error (91)
>         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Is it a problem with ldapsearch?

Unlikely. Does ldapsearch know about your CA certs?

Note that /etc/ldap.conf is for pam/nss _only_; everything else uses, i.e., /etc/openldap/ldap.conf ... at least with all the RH/Fedora RPMs.

If that doesn't work, run ldapsearch with "-d -1" and see if that gives any hits.
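The two client-side causes discussed in this thread, a "PORT 636" line while using StartTLS and a missing CA certificate setting, can be checked before running ldapsearch -ZZ. This is an added example, not code from the thread or from the OpenLDAP project; the config file contents and the check_ldap_conf function name are constructed for illustration.

```sh
#!/bin/sh
# Sanity-check an OpenLDAP client ldap.conf for the two problems above:
#   1. PORT 636 (the ldaps:// port) while StartTLS (-ZZ) is used, which
#      negotiates TLS on the plain LDAP port, 389 by default, and ends in
#      "sslv3 alert handshake failure";
#   2. no TLS_CACERT / TLS_CACERTDIR, so the server certificate cannot be
#      verified and ldap_start_tls reports "certificate verify failed".
# Exit status is the number of findings (0 = nothing found).
check_ldap_conf() {
    conf=$1
    findings=0
    # ldap.conf keywords are case-insensitive; lines starting with '#' are comments.
    port=$(awk '$1 !~ /^#/ && toupper($1) == "PORT" { v = $2 } END { print v }' "$conf")
    ca=$(awk '$1 !~ /^#/ && (toupper($1) == "TLS_CACERT" || toupper($1) == "TLS_CACERTDIR") { v = $2 } END { print v }' "$conf")
    if [ "$port" = "636" ]; then
        echo "$conf: PORT 636 is the ldaps:// port; StartTLS expects the plain LDAP port (389): remove the line or set PORT 389"
        findings=$((findings + 1))
    fi
    if [ -z "$ca" ]; then
        echo "$conf: no TLS_CACERT or TLS_CACERTDIR, so the client cannot verify the server certificate"
        findings=$((findings + 1))
    elif [ ! -e "$ca" ]; then
        echo "$conf: TLS_CACERT path $ca does not exist on this host"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample reproducing the misconfiguration from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client ldap.conf (constructed sample, not a real host's file)
BASE   dc=Corporate,dc=Domain,dc=COM
URI    ldap://myhost.domain.com
PORT   636
EOF
check_ldap_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```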