Re: ldap+ssl+Active directory
The exact error when I do ldapsearch -H ldaps://ldapserver -x is:
ldap-bind: can't contact ldapserver(81)
additional info: error 14090086 : SSL routines:
SSL3_GET_SERVER_CERTIFICATE: certificate certify failed.
When I do:
openssl s_client -connect ldapserver:636 -showcerts
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
verify return:1
At 08:59 06/07/2004, Ainhoa Prat wrote:
>I'm using Yast to configure ldap, in the ldap client, I pick the option:
>'ldap tls/ssl'. then /etc/ldap.conf has the next line:
># OpenLDAP SSL mechanism
># start_tls mechanism uses the normal LDAP port, LDAPS typically 636
>I think the configuration is OK, but I don't know how SuSE imports the
>w2k certificate, or if I need to create a certificate for SuSE. I've
>installed Microsoft Certification Authority, to enable ldap over ssl in
>w2k. In SuSE I only set this option (ssl start tls), so I don't know if
>I need to do anything else.
>At 20:17 05/07/2004, Kurt D. Zeilenga wrote:
>>At 10:47 AM 7/5/2004, Andreas wrote:
>> >On Mon, Jul 05, 2004 at 10:34:32AM -0700, Kurt D. Zeilenga wrote:
>> >> At 01:09 AM 7/5/2004, Ainhoa Prat wrote:
>> >> >I'm having problems using ldap with ssl against windows 2000 AD. I
>> >> >have Suse 9 as ldap client and w2k as ldap server. I set use ssl in ldap.conf,
>> >> Not sure what you mean by "set use ssl in ldap.conf"... but if you
>> >> mean you set 'use ssl' in ldap.conf, I note that OpenLDAP ldap.conf(5)
>> >> has no 'use ssl' directive. You might be confusing directives for
>> >> some other ldap.conf file with OpenLDAP's ldap.conf(5).
>> >SuSE mixes nss_ldap and pam_ldap's ldap.conf (from PADL software) with
>> >openldap's ldap.conf.
>>If so, that's ill-advised.
>>Regardless, "use ssl" is not, as I said above, an OpenLDAP
>>ldap.conf(5) directive and hence will be ignored by OpenLDAP
>>command-line tools such as ldapsearch(1).
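
An added example, not part of the original thread or of OpenLDAP's own material: a constructed lab that reproduces the chain-verification failure reported above and clears it by trusting the issuing CA, then writes that trust setting in OpenLDAP ldap.conf(5) syntax. The throwaway CA and server certificate, the file names and the helper function names are assumptions standing in for the Windows CA and the certificate it issued to the directory server.

```shell
#!/bin/sh
# Constructed lab: a throwaway CA and server certificate stand in for the
# Windows CA and the LDAPS certificate it issued to the directory server.
make_lab() {   # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Lab CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldapserver" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

# Assumption: the CA certificate was exported in DER form (.cer).
# OpenLDAP's TLS_CACERT expects PEM, so convert it first.
to_pem() {     # $1 = DER input, $2 = PEM output
    openssl x509 -inform DER -in "$1" -out "$2"
}

# Returns 0 only if the server certificate chains to a trusted CA.
# With no second argument only the system trust store is consulted,
# which is the situation the failing client in the thread is in.
verify_chain() {   # $1 = lab directory, $2 = optional CA file (PEM)
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1/srv.pem" >/dev/null 2>&1
    else
        openssl verify "$1/srv.pem" >/dev/null 2>&1
    fi
}

# OpenLDAP ldap.conf(5) directives, the ones ldapsearch(1) actually reads.
# Verification stays enabled (demand); the fix is trusting the right CA.
write_ldaprc() {   # $1 = lab directory
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1/ca.pem" > "$1/ldaprc"
}

lab=$(mktemp -d)
make_lab "$lab"
verify_chain "$lab" || echo "untrusted: issuing CA is not in the trust store"
verify_chain "$lab" "$lab/ca.pem" && echo "trusted: chain verifies against ca.pem"
write_ldaprc "$lab" && cat "$lab/ldaprc"
```

Against a real server the same check is `openssl s_client -connect ldapserver:636 -CAfile ca.pem`, using the command already shown in the message.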