
SSL client certificate question and bdb_dn2id_matched question


I'm new to the exciting world of LDAP. I just got SSL working, but I still haven't connected completely to the server. My questions:

1. The way I finally got SSL to work, after having been very annoyed with what appear to be somewhat common errors (cf. Google):

TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A

was to actually install what I assume are the CA and server certs (the files cert7.db and key3.db, gleaned from a Netscape visit to https://myserver.com:636) on my client (Softerra LDAP Browser). What I don't understand is why the hell this made everything work, to a point, when there's a directive in my slapd.conf, "TLSVerifyClient never", that I assumed meant slapd doesn't bother with client certs. Any help understanding this would be great. I suspect it has more to do with SSL than LDAP, but humor me please.

2. Now I get to this debug message and resultant error 49:

=> bdb_dn2id_matched( "cn=admin,dc=test1,dc=dns" )
<= bdb_dn2id_matched: no match

with these slapd.conf lines

database        bdb
suffix          "dc=test1,dc=dns"
rootdn          "cn=admin,dc=test1,dc=dns"
rootpw          tDCzXHLJSMYIuAhxeQFeJYrZ5wHqOrty
directory       /usr/local/openldap/var/openldap-data

Is there some other way you have to add a user ID to bdb or something? I admit I haven't spent a lot of time on this one. If I've left out key debug or config lines, please let me know and I'll post them. Thank you very much in advance for any help.
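Added example, not part of the original post or of OpenLDAP itself: the slapd.conf above keeps rootpw as a cleartext value, and slapd also accepts a hashed value of the kind slappasswd produces, so the same rootdn bind works against a {SSHA} string instead of the password itself. The code below implements that {SSHA} scheme (base64 of SHA-1(password || salt) followed by the salt, with slappasswd's default 4-byte salt) for generating and checking such a value, and runs a small audit over a constructed slapd.conf fragment that flags a cleartext rootpw and a TLSVerifyClient never setting. The sample config text and the placeholder password are constructed for the demo; the function names are this example's own.

```python
"""OpenLDAP-style {SSHA} rootpw hashing plus a slapd.conf sanity check.

Added example, not code from the original post.  Assumes a 4-byte random
salt (slappasswd's default) and UTF-8 passwords; the config sample is
constructed for the demo.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional

SHA1_LEN = 20          # SHA-1 digest length in bytes
DEFAULT_SALT_LEN = 4   # what slappasswd uses for {SSHA}


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a rootpw value in the form slappasswd -h {SSHA} prints."""
    if salt is None:
        salt = os.urandom(DEFAULT_SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} string the way slapd would."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:  # must carry a digest and a non-empty salt
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


# A hashed rootpw starts with a scheme tag such as {SSHA} or {CRYPT}.
HASH_SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")


def audit_slapd_conf(conf_text: str) -> List[str]:
    """Flag a cleartext rootpw and 'TLSVerifyClient never' in slapd.conf text."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "rootpw" and not HASH_SCHEME_RE.match(value):
            findings.append(
                f"line {lineno}: rootpw is cleartext; store a slappasswd hash "
                f"such as {{SSHA}} instead")
        elif key == "tlsverifyclient" and value.lower() == "never":
            findings.append(
                f"line {lineno}: TLSVerifyClient never: slapd will not ask "
                f"the client for a certificate")
    return findings


def hardened_rootpw_line(password: str) -> str:
    """Build the slapd.conf line that replaces a cleartext rootpw."""
    return f"rootpw          {ssha_hash(password)}"


# Constructed sample, modelled on the layout of the config in the post.
SAMPLE_CONF = """\
database        bdb
suffix          "dc=test1,dc=dns"
rootdn          "cn=admin,dc=test1,dc=dns"
rootpw          constructed-cleartext-password
directory       /usr/local/openldap/var/openldap-data
TLSVerifyClient never
"""

if __name__ == "__main__":
    for finding in audit_slapd_conf(SAMPLE_CONF):
        print(finding)
    line = hardened_rootpw_line("constructed-cleartext-password")
    print(line)
    print("verify ok:", ssha_verify("constructed-cleartext-password", line.split()[1]))
```

The bind that produced the error 49 above is tested independently of the entry lookup: a rootdn bind is checked against rootpw, so a {SSHA} value generated this way can be pasted into slapd.conf in place of the cleartext one and then tried with ldapsearch -x -D "cn=admin,dc=test1,dc=dns" -W.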