[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Install CA Certificate

To: <openldap-software@openldap.org>
Subject: RE: Install CA Certificate
From: "Aaron Smith" <Aaron.Smith@kzoo.edu>
Date: Fri, 13 Oct 2006 08:58:42 -0400
Content-class: urn:content-classes:message
Thread-index: AcbuTJKpHoaYuQTFTmWPVJYjc9/JbgAeozqw
Thread-topic: Install CA Certificate

DOH!  What a stupid mistake.  That's exactly it.  If I use the actual
OpenLdap ldapsearch, I can get it to work connecting to
ldaps://n1-wrath.sandbox.com:3269.  Now I just need to get auth_ldap in
Apache to do the same!  But at least I'm getting closer.  Thanks.

--------------------------------------------------------------------
Aaron Smith                Aaron.Smith@kzoo.edu
System Administrator   (269) 337-7496
Kalamazoo College
 

-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu] 
Sent: Thursday, October 12, 2006 6:20 PM
To: Aaron Smith
Cc: openldap-software@openldap.org
Subject: Re: Install CA Certificate

> Where do I need to put a CA certificate so that Openldap can find it
> properly?  I have openldap version 2.3.27 that was compiled using
> openssl support on a Solaris 10 machine.  Trying to do secure LDAP
> transactions with ldapsearch results in
>
> SSL initialization failed: error -8192 (An I/O error occurred during
> security authorization.)

I'd try "-d -1" to see what the client is thinking, or possibly truss to

see if you and it are disagreeing as to the location of ldap.conf, and
(if 
ldap.conf is getting opened properly) to see if the open() on the CACERT

is working.

With that said, I don't think I've ever seen a message like that from 
OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's 
/usr/bin/ldapsearch instead?

Prev by Date: RE: Install CA Certificate
Next by Date: userPKCS12 and storage format
Index(es):
- Chronological
- Thread