Greetings List,
I am attempting to get ldap authentication to Active Directory working
from our RHEL 4 systems. I have read the several articles and howto
documents out there and am very close to getting everything working.
pam_ldap and nss_ldap is working well with unencrypted ldap, as is
ldapsearch queries. The next step is getting ldaps to work, and I am
hoping for some suggestions from the list to get me over the hump.
RHEL ES 4 fully patched (up2date)
W2K SP4
This works fine:
ldapsearch -x -H ldap://server.domain.com/ -D
cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
but changing ldap to ldaps results in this error:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have installed Certificate Services on the W2K domain controller and
exported the CA Cert and copied the file to the linux
box:/etc/openldap/cacerts. In /etc/openldap/ldap.conf I have tried:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem
Any suggestions would be greatly appreciated.
Grant
------------------