
Re: ldapsearch ignoring ldap.conf?



As noted in ldap.conf(5), some options are user only.  That is,
they are ignored if present in ldap.conf.  They belong in .ldaprc.

Kurt

At 12:02 PM 9/1/2003, Rodrigo Severo wrote:
>Hi,
>
>I am just arriving at this list and I am messing for the first time with LDAP/OpenLDAP.
>
>I am testing my server and I have configured it to use SSL all the time. My problem is that ldapsearch seems to be ignoring my /usr/local/etc/openldap/ldap.conf file. Why do I say that?
>
>If I create a .ldaprc file with the following content:
>
>-------------------------------------------------------------
>TLS_CACERT      /etc/ssl/certs/cr_aa.pem
>TLS_CERT        /etc/ssl/certs/fellini.cert
>TLS_KEY /etc/ssl/private/fellini.key
>-------------------------------------------------------------
>ldapsearch works fine. If I remove it ldapsearch gives me the following error:
>
>-------------------------------------------------------------
>TLS trace: SSL_connect:SSLv3 flush data
>tls_read: want=5, got=5
> 0000:  15 03 01 00 02                                     .....
>tls_read: want=2, got=2
> 0000:  02 28                                              .(
>TLS trace: SSL3 alert read:fatal:handshake failure
>TLS trace: SSL_connect:failed in SSLv3 read finished A
>TLS: can't connect.
>ldap_perror
>ldap_bind: Can't contact LDAP server (81)
>       additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>-------------------------------------------------------------
>
>The point is: my /usr/local/etc/openldap/ldap.conf file already has exactly this same info in it:
>
>-------------------------------------------------------------
># $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
>#
># LDAP Defaults
>#
>
># See ldap.conf(5) for details
># This file should be world readable but not world writable.
>
>#BASE   dc=example, dc=com
>#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
>
>#SIZELIMIT      12
>#TIMELIMIT      15
>#DEREF          never
>
>URI ldaps://fellini.fabricadeideias.com
>base dc=fabricadeideias,dc=com
>rootbinddn cn=root,dc=fabricadeideias,dc=com
>scope one
>pam_filter objectclass=posixaccount
>pam_login_attribute uid
>pam_member_attribute gid
>pam_password md5
>nss_base_passwd         ou=People,dc=fabricadeideias,dc=com?one
>nss_base_shadow         ou=People,dc=fabricadeideias,dc=com?one
>nss_base_group          ou=Group,dc=fabricadeideias,dc=com?one
>nss_base_hosts          ou=Hosts,dc=fabricadeideias,dc=com?one
>SSL on
>
>#TLS_CACERTDIR  /etc/ssl/certs
>TLS_CACERT      /etc/ssl/certs/cr_aa.pem
>TLS_CERT        /etc/ssl/certs/fellini.cert
>TLS_KEY /etc/ssl/private/fellini.key
>-------------------------------------------------------------
>
>BTW, I am using openldap 2.1.22 over Conectiva Linux 9.
>
>One more thing, I already straced ldapsearch. It does read my /usr/local/etc/openldap/ldap.conf file ok. It just ignores its contents AFAICT.
>
>
>TIA,
>
>Rodrigo Severo
>
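To make Kurt's point checkable, here is an added POSIX shell script (not from the thread or from the OpenLDAP project) that flags options in a system-wide ldap.conf that ldap.conf(5) marks "user only", which libldap silently ignores there, and that verifies the file is not world-writable, as the stock ldap.conf header requires. It assumes TLS_CERT and TLS_KEY are the user-only options, as the man page states for this version; the file names below are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP.
# Options that ldap.conf(5) marks "user only": present in the system-wide
# ldap.conf they are read but ignored; they belong in ~/.ldaprc (or
# $LDAPRC / ./ldaprc). Assumption: this is the full list for this version.
USER_ONLY="TLS_CERT TLS_KEY"

# lint_ldap_conf FILE
# Prints one line per user-only option found in FILE, skipping blank and
# comment lines and matching keywords case-insensitively as libldap does.
# Returns 0 when nothing will be ignored, 1 when at least one option will.
lint_ldap_conf() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac
        key=$(printf '%s\n' "$line" | awk '{print toupper($1)}')
        for opt in $USER_ONLY; do
            if [ "$key" = "$opt" ]; then
                printf 'ignored in %s: %s (user-only option, move to ~/.ldaprc)\n' \
                    "$1" "$line"
                found=1
            fi
        done
    done < "$1"
    return $found
}

# check_perms FILE
# The stock ldap.conf header says the file should be world readable but
# not world writable; a world-writable ldap.conf lets any local user
# redirect URI/BASE or the CA bundle for every client on the host.
# Returns 1 if FILE is world-writable, 0 otherwise.
check_perms() {
    if [ -n "$(find "$1" -perm -002 -print 2>/dev/null)" ]; then
        printf 'WARNING: %s is world-writable\n' "$1"
        return 1
    fi
    return 0
}

# Usage: sh lint-ldap-conf.sh /usr/local/etc/openldap/ldap.conf
if [ "$#" -gt 0 ]; then
    check_perms "$1"
    lint_ldap_conf "$1"
fi
```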