
openldap 2.1.3 problems


I have some problems moving from openldap 2.0.23 to 2.1.3.

1)  I can't connect using TLS anymore (It works when I downgrade to 2.0.23)

TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 

Seems that quite a number of people are having the same problems.

2) Could someone point me to the documentation on structural objectclasses?  I 
realized that samba and inetorgperson can't go together.  So I need to know 
what I should do.  There are some explanations in the mailing list about this, 
but due to being new to openldap, I don't quite understand.  Here's a quote 
from the mailing list:

Actually, objects can list multiple STRUCTURAL classes
in objectClass as long as there is one which
is superior to all the others.

For example, an object which lists person, organizationalPerson
and inetOrgPerson is valid as inetOrgPerson is superior
to both person and organizationalPerson.

As a counter example, it is improper for an object to list
inetOrgPerson and pilotPerson as neither is in the other's
superclass chain.  If you desire to have an object belong
to both inetOrgPerson and pilotPerson, you can create a
class which is superior to both (e.g. OpenLDAPperson).

This is all per RFC 2251 and X.501(93).
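
The rule in the quoted explanation, written out as a check (an added example, not part of the original post and not OpenLDAP's own code). The SUP map is hand-copied from the standard core, cosine and inetorgperson schema definitions for the classes the quote names; the function names are made up for this example, and AUXILIARY classes are not covered.

```python
# Superclass (SUP) of each class named in the quote. "top" is the abstract
# root of every chain and has no superclass.
SUP = {
    "top": None,
    "person": "top",
    "organizationalPerson": "person",
    "inetOrgPerson": "organizationalPerson",
    "pilotPerson": "person",
}
# Object class names are case-insensitive in LDAP, so look them up folded.
CANON = {name.lower(): name for name in SUP}


def chain(cls):
    """Return cls followed by each of its superclasses, ending at top."""
    out = []
    while cls is not None:
        out.append(cls)
        cls = SUP[cls]
    return out


def structural_leaf(object_classes):
    """Return the one listed class whose superclass chain contains every
    other listed class, or None when the entry mixes separate chains."""
    listed = []
    for name in object_classes:
        if name.lower() not in CANON:
            raise KeyError("class not in SUP map: " + name)
        canonical = CANON[name.lower()]
        if canonical != "top":
            listed.append(canonical)
    for candidate in listed:
        if set(listed) <= set(chain(candidate)):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed objectClass lists matching the two cases in the quote.
    valid = ["top", "person", "organizationalPerson", "inetOrgPerson"]
    mixed = ["top", "inetOrgPerson", "pilotPerson"]
    print(valid, "->", structural_leaf(valid))
    print(mixed, "->", structural_leaf(mixed))
```

A result of None means the listed classes do not form a single chain, which is the case the quote calls improper.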