Re: Again problems with slurpd
Hi list, hi Peter,
"Peter A. Savitch" wrote:
>
> As I know, setting `TLS hard' enforces TLS (i.e. no STARTTLS happens).
> It has the same effect as connecting by `ldaps://' URL scheme.
> So, Your slurpd tries to connect to `ldap://' server port 5389 with
> `ldaps://' scheme (it should either try 5636 or set TLS=never with
> 5389).
>
> You may try to:
> 1) connect to ldaps.hrnet.de:5636 with ldap.conf `TLS=hard'
> 2) set slapd.conf replica `tls=critical', ldap.conf `TLS=never',
> server ldap.hrnet.de:5389 -- this goes with STARTTLS.
>
> And please tell me what You've got.
I tried 1), but what I got is the same as always :(
Here's what slurpd says:
---snipp---
03b0: 27 48 'H
TLS certificate verification: depth: 0, err: 18, subject:
/C=DE/ST=Hessen/L=Niedernhausen/O=HRSoft/OU=Development/
CN=486dx66.hrnet.de/Email=harry@hrnet.de, issuer:
/C=DE/ST=Hessen/L=Niedernhausen/O=HRSoft/OU=Development/
CN=486dx66.hrnet.de/Email=harry@hrnet.de
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
---snipp---
I thought I got over those certification problems :-(
In the thread-starting message I described how I made my
certificates, is there anything wrong?
Is the content (C= ... OU=..) important
(I know the CN must be the name of the server, where slapd is
running on)?
I use the same TLS options for both, the master and the
replication server ... do they have to be different
(both servers are running as ldap(s).hrnet.de, just on
different ports)?
Waiting for help ...
greets Harry
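
Added example, not part of the original message: a small Python decoder for the trace above. It reads the verification line and the 7-byte record slurpd wrote, showing that err 18, the identical subject and issuer, and the `02 30` alert bytes all describe the same rejection of a self-signed certificate. The `TRACE` sample is constructed from the log lines in the message (wrapped DNs rejoined); the lookup tables are a subset of the OpenSSL verify codes and TLS alert numbers.

```python
import re

# Constructed sample: trace lines from the message, wrapped DNs rejoined.
DN = ("/C=DE/ST=Hessen/L=Niedernhausen/O=HRSoft/OU=Development/"
      "CN=486dx66.hrnet.de/Email=harry@hrnet.de")
TRACE = f"""TLS certificate verification: depth: 0, err: 18, subject: {DN}, issuer: {DN}
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
"""

# Subset of OpenSSL X509_V_ERR_* codes and TLS alert levels/descriptions.
VERIFY_ERRORS = {18: "self signed certificate (depth 0)",
                 19: "self signed certificate in certificate chain",
                 20: "unable to get local issuer certificate"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {42: "bad_certificate", 45: "certificate_expired",
                      48: "unknown_ca"}

VERIFY_RE = re.compile(r"depth: (\d+), err: (\d+), subject: (\S+), issuer: (\S+)")
HEXDUMP_RE = re.compile(r"^[0-9a-f]{4}: ((?:[0-9a-f]{2} )+)", re.M)

def parse_verification(trace):
    """Extract depth/err from the verify line and compare subject to issuer."""
    m = VERIFY_RE.search(trace)
    if m is None:
        raise ValueError("no certificate verification line found")
    return {"depth": int(m[1]), "err": int(m[2]),
            "meaning": VERIFY_ERRORS.get(int(m[2]), "unknown"),
            "self_signed": m[3] == m[4]}

def parse_alert(trace):
    """Decode the hex-dumped TLS record: 5-byte header plus 2-byte alert."""
    m = HEXDUMP_RE.search(trace)
    if m is None:
        raise ValueError("no hex dump line found")
    record = bytes.fromhex(m[1].strip())
    length = int.from_bytes(record[3:5], "big")
    if record[0] != 21 or length != 2 or len(record) != 7:
        raise ValueError("not a plaintext TLS alert record")
    return {"version": (record[1], record[2]),   # (3, 1) is TLS 1.0
            "level": ALERT_LEVELS.get(record[5], "?"),
            "description": ALERT_DESCRIPTIONS.get(record[6], str(record[6]))}

if __name__ == "__main__":
    print(parse_verification(TRACE))
    print(parse_alert(TRACE))
```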