[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL3 alert write:fatal:unknown CA

Quanah wrote:

>> ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>> '(objectclass=*)' -H ldaps://myserver.com -W -ZZ
> ...
>But, you could have it be ldaps:// and get rid of the -ZZ.

Yep, that's right.

These are the two styles used for encrypted traffic:
TLS ==> ldap://   with  -ZZ option (if ldap_start_tls_s() not called in the
client app)
SSL ==> ldaps://   (no -ZZ)

Combining ldaps://  and -ZZ is like trying to start an already running car
and getting that nice grinding sound.  The server won't accept the

But the example in Chapter 7 of the doc is about TLS specifically after
much of the doc has discusssed SSL.  So I should change it to the TLS style
in the next draft.  Thanks for the comments!

Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone: 1-512-838-9216
e-mail:  dksoper@us.ibm.com