RE: Diagnosing client problem using SSL/TLS
Rerun the search with "-d7" and look at the TLS trace messages.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Nels Lindquist
> I've been trying to upgrade my OpenLDAP installation in order to
> resolve some problems I've been having with SASL authentication.
> My current difficulties seem to stem from the OpenLDAP libraries,
> though, so I'm posting to this list rather than Cyrus-SASL.
> I upgraded to OpenLDAP v2.1.5 from v2.0.23, and then to v2.1.8.
> Without making any changes to configuration files, I got the
> following error (with ldapsearch):
> > ldap_bind: Can't contact LDAP server (81) additional info:
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> > verify failed
> Checking the man page revealed new options for dealing with
> certificate verification.
> I added the line: "TLS_REQCERT allow" to
> /usr/local/etc/openldap/ldap.conf, and now I receive the following:
> > ldap_bind: Can't contact LDAP server (81)
> The server (Netware 6 eDirectory) is working fine; I can connect
> using insecure LDAP from anywhere, and using secure LDAP from a
> different machine which still has 2.0.23 installed.
> How should I go about diagnosing this?
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
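
Added example, not part of the original thread or of OpenLDAP: a small Python triage of a saved "-d7" capture that reports the last handshake state, any TLS alerts, the certificate verification error, and the decoded OpenSSL error code of the kind quoted above. The capture is constructed, and the "TLS trace:" and "TLS certificate verification:" line shapes are assumptions about libldap's debug output; the code layout decoded is the one used by OpenSSL releases before 3.0.

```python
import re

# Constructed capture of `ldapsearch -d7` output, not taken from the thread.
# Line shapes are assumed from libldap's OpenSSL debug messages.
SAMPLE = """\
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject: /CN=ldap.example.test, issuer: /O=EXAMPLE-CA
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
ldap_bind: Can't contact LDAP server (81)
    additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

STATE = re.compile(r"^TLS trace: SSL_\w+:(.+)$", re.M)
ALERT = re.compile(r"^TLS trace: SSL3 alert (read|write):(\w+):(.+)$", re.M)
VERIFY = re.compile(r"^TLS certificate verification: Error, (.+)$", re.M)
OSSL = re.compile(r"error:([0-9A-Fa-f]{8}):[^:\n]*:([^:\n]*):([^:\n]+)")


def decode_openssl_code(hex_code):
    """Split a packed error code (OpenSSL releases before 3.0) into fields."""
    code = int(hex_code, 16)
    return {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}


def triage(text):
    """Summarise where the handshake stopped and why."""
    states = STATE.findall(text)
    errors = []
    for hex_code, func_name, reason_text in OSSL.findall(text):
        entry = decode_openssl_code(hex_code)
        entry.update(func_name=func_name, reason_text=reason_text)
        errors.append(entry)
    return {
        "last_state": states[-1] if states else None,
        # "write" = this client sent the alert, "read" = the server sent it
        "alerts": ALERT.findall(text),
        "verify_errors": VERIFY.findall(text),
        "openssl_errors": errors,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A "write" alert together with a verification error means the client rejected the server's certificate chain, which points at the client's trust configuration rather than at the server.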