[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch ignoring ldap.conf?

To: openldap-software@OpenLDAP.org
Subject: ldapsearch ignoring ldap.conf?
From: Rodrigo Severo <rodrigo.lists@fabricadeideias.com>
Date: Mon, 01 Sep 2003 16:02:21 -0300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624

Hi,

I am just arriving at this list and I am messing for the first time with LDAP/OpenLDAP.

I am testing my server and I have configured it to use SSL all the time. My problem is that ldapsearch seems to be ignoring my /usr/local/etc/openldap/ldap.conf file. Why do I say that?

If I create a .ldaprc file with the following content:

------------------------------------------------------------- TLS_CACERT /etc/ssl/certs/cr_aa.pem TLS_CERT /etc/ssl/certs/fellini.cert TLS_KEY /etc/ssl/private/fellini.key ------------------------------------------------------------- ldapsearch works fine. If I remove it ldapsearch gives me the following error:

------------------------------------------------------------- TLS trace: SSL_connect:SSLv3 flush data tls_read: want=5, got=5 0000: 15 03 01 00 02 ..... tls_read: want=2, got=2 0000: 02 28 .( TLS trace: SSL3 alert read:fatal:handshake failure TLS trace: SSL_connect:failed in SSLv3 read finished A TLS: can't connect. ldap_perror ldap_bind: Can't contact LDAP server (81) additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure -------------------------------------------------------------

The point is: my /usr/local/etc/openldap/ldap.conf file already has exactly this same info in it:

------------------------------------------------------------- # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults #

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

URI ldaps://fellini.fabricadeideias.com
base dc=fabricadeideias,dc=com
rootbinddn cn=root,dc=fabricadeideias,dc=com
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
nss_base_passwd         ou=People,dc=fabricadeideias,dc=com?one
nss_base_shadow         ou=People,dc=fabricadeideias,dc=com?one
nss_base_group          ou=Group,dc=fabricadeideias,dc=com?one
nss_base_hosts          ou=Hosts,dc=fabricadeideias,dc=com?one
SSL on

#TLS_CACERTDIR  /etc/ssl/certs
TLS_CACERT      /etc/ssl/certs/cr_aa.pem
TLS_CERT        /etc/ssl/certs/fellini.cert
TLS_KEY /etc/ssl/private/fellini.key
-------------------------------------------------------------

BTW, I am using openldap 2.1.22 over Concetiva Linux 9.

One more thing, I already straced ldapsearch. It does read my /usr/local/etc/openldap/ldap.conf file ok. It just ignores it's contents AFAICT.


TIA,

Rodrigo Severo

Follow-Ups:
- Re: ldapsearch ignoring ldap.conf?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Jmeter sampler for testing LDAP
Next by Date: Re: slapd crashing with password change -- addendum
Index(es):
- Chronological
- Thread