
Re: SSL3 alert write:fatal:unknown CA

Pierre Burri wrote:

>Hi Kent,
>I looked in your excellent Document OpenLDAP_TLS_howto, also because
>Gibson-Mount mentioned it.
>In Chapter 7 Using TLS you give the following example:
>ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>'(objectclass=*)' -H ldaps://myserver.com -W -ZZ
>I thought TLS was working on port 389 and only SSL was using ldaps://
>If that's true the command would be:
>ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>'(objectclass=*)' -h myserver.com -W -ZZ

Good catch Pierre!

The command needs to have "ldap://" instead of "ldaps://".  Using ldaps://
with "-ZZ" will not enable a connection to the server.

I still prefer "-H <uri>" over "-h <host>" because the latter is

The doc is new and probably has a few more errors so I'll wait before
updating the document.  Thanks for catching it and thanks for the great

Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone:  1-512-838-9216
e-mail:  dksoper@us.ibm.com
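
The flag and URI combinations discussed in this message, as an added example that is not part of the original post: a small shell function that reports which transport security an ldapsearch argument list requests, so the ldaps:// plus -ZZ mix-up can be caught before a script runs. The function name `ldap_tls_mode` and its output labels are hypothetical, and it assumes options are passed as separate words, as in the commands quoted above.

```shell
#!/bin/sh
# Added example (not from the original thread): classify the transport
# security requested by an ldapsearch argument list.
# Assumption: options are separate words, as in the commands quoted above.
ldap_tls_mode() (
    scheme=ldap        # -h <host>, or no -H at all, means plain ldap://
    starttls=none
    expect_uri=no
    for arg in "$@"; do
        if [ "$expect_uri" = yes ]; then
            expect_uri=no
            case "$arg" in
                ldaps://*) scheme=ldaps ;;
                ldapi://*) scheme=ldapi ;;
                *)         scheme=ldap ;;
            esac
            continue
        fi
        case "$arg" in
            -H)  expect_uri=yes ;;
            -ZZ) starttls=required ;;   # StartTLS must succeed
            -Z)  [ "$starttls" = required ] || starttls=optional ;;
        esac
    done
    case "$scheme:$starttls" in
        ldaps:none)    echo "ldaps" ;;              # TLS from the first byte
        ldaps:*)       echo "conflict" ;;           # StartTLS asked for inside ldaps://
        ldapi:*)       echo "local-socket" ;;
        ldap:required) echo "starttls-required" ;;
        ldap:optional) echo "starttls-optional" ;;  # proceeds even if StartTLS fails
        ldap:none)     echo "no-tls-requested" ;;
    esac
)

# The howto's original command, then the corrected one from this thread.
ldap_tls_mode -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com" \
    '(objectclass=*)' -H ldaps://myserver.com -W -ZZ
ldap_tls_mode -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com" \
    '(objectclass=*)' -H ldap://myserver.com -W -ZZ
```

With -x and -W, anything other than "ldaps" or "starttls-required" means the simple-bind password is not guaranteed to travel over TLS.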