[Date Prev][Date Next]
Re: SSL3 alert write:fatal:unknown CA
>> ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>> '(objectclass=*)' -H ldaps://myserver.com -W -ZZ
>But, you could have it be ldaps:// and get rid of the -ZZ.
Yep, that's right.
These are the two styles used for encrypted traffic:
TLS ==> ldap:// with -ZZ option (if ldap_start_tls_s() not called in the
SSL ==> ldaps:// (no -ZZ)
Combining ldaps:// and -ZZ is like trying to start an already running car
and getting that nice grinding sound. The server won't accept the
But the example in Chapter 7 of the doc is about TLS specifically after
much of the doc has discusssed SSL. So I should change it to the TLS style
in the next draft. Thanks for the comments!
"You don't stop playing because you grow old ...
you grow old because you stop playing."
Linux Technology Center, Linux Security