Re: ldapsearch and TLS
Chris Majewski wrote:
Have you properly configured slapd.conf, ldap.conf, ldaprc?
Well, that's really the question isn't it...
Have you created a valid certificate chain?
I believe so, since at least one client (Mozilla's address book) is
able to negotiate an ssl connection with my server.
Did you read this site
Yes. Well, I have now. So here's the thing. This:
ldapsearch -x -b 'ou=People,o=cs.ubc.ca' -D "uid=majewski,ou=People,o=cs.ubc.ca" '(objectclass=*)' -H ldap://okocim -W
ldapsearch -x -b 'ou=People,o=cs.ubc.ca' -D "uid=majewski,ou=People,o=cs.ubc.ca" '(objectclass=*)' -H ldaps://okocim -W
doesn't! What's up with that?
OK, the first is plain ldap, the second is ldap over SSL involving
certificates. The CN of the certificate must match exactly the name of the
machine referred to in the ldap search. Here you've specified
My guess is that the CN in your certificate is not "okocim". Try this ...
openssl s_client -connect okocim:636 -CAfile <path-to-CA-cert>
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
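
The name check described in the reply above, as an added shell example that is not part of the original message: it compares the CN in a certificate subject line with the host taken from the ldaps:// URL. The function names and the sample subject line are constructed for illustration, and only the CN is compared, as in the reply.

```shell
#!/bin/sh
# Live input for SUBJECT would come from the server, e.g.:
#   openssl s_client -connect okocim:636 -CAfile <path-to-CA-cert> </dev/null 2>/dev/null |
#       openssl x509 -noout -subject

# Pull the CN out of a subject line. Handles the older "/C=CA/O=x/CN=host"
# layout and the newer "C = CA, O = x, CN = host" layout.
subject_cn() {
    printf '%s\n' "$1" |
        sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p' |
        sed 's| *$||'
}

# Host part of an LDAP URL: ldaps://okocim:636/ -> okocim
url_host() {
    printf '%s\n' "$1" | sed -e 's|^[a-z]*://||' -e 's|[:/].*$||'
}

# Succeeds only when the CN equals the host the client was told to contact.
# Case is ignored; a short name and its FQDN are NOT treated as equal.
cn_matches_host() {
    cn=$(subject_cn "$1" | tr '[:upper:]' '[:lower:]')
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$cn" = "$host" ]
}

# check <ldap-url> <subject-line>
check() {
    if cn_matches_host "$2" "$(url_host "$1")"; then
        echo "match"
    else
        echo "MISMATCH: URL host '$(url_host "$1")' vs CN '$(subject_cn "$2")'"
    fi
}

# Constructed sample subject (not taken from the server in this thread).
SUBJECT='subject=C = CA, O = Example, CN = okocim.example.org'

check ldaps://okocim "$SUBJECT"                # short name in the URL
check ldaps://okocim.example.org "$SUBJECT"    # same name as the CN
```

With a subject like the constructed one, the short-name URL reports a mismatch and the URL that uses the same name as the CN reports a match.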