Re: Unable to connect via TLS
- To: openldap-software@OpenLDAP.org
- Subject: Re: Unable to connect via TLS
- From: Patrick Radtke <firstname.lastname@example.org>
- Date: Tue, 6 Jul 2004 12:30:11 -0400
- In-reply-to: <email@example.com>
- References: <firstname.lastname@example.org>
On Jul 6, 2004, at 12:17 PM, Jean-Denis Langelier wrote:

> I tried putting putenv(strdup("LDAPTLS_CACERT=./cert")); before my ldap_init
> statement, and now I just get
>
> ldap_start_tls_s: Connect error (91)
> ldap_simple_bind_s: Can't contact LDAP server (81)
>
> as error messages.
>
> Excuse my ignorance on the subject, but what exactly
> does the cert file do? Do I need to put something in
> it before executing my program?

Your ldap server has a certificate that says "I am ldap.usherbrooke.ca".
But since anyone could make such a certificate, your ldap server's
certificate is signed by a Certificate Authority (CA).
The CA is someone you trust, and the server trusts, and therefore when
you get the certificate from your ldap server, you can trust that you
are really talking to your ldap server.
Therefore you need a copy of the CA's certificate on your machine (so
that you can use it to verify the certificate from the ldap server).
You'll have to contact someone in your organization about where to
get the CA certificate.
> Oh, and I tried connecting with ldapsearch using the
>
> ldapsearch -h ldap.usherbrooke.ca -ZZ
>
> and I get the following message:
>
> ldap_start_tls: Connect error (91)
> additional info: error:14090086:SSL
>
> which is strangely familiar to the one I get with my

The tools need to know where the CA certificate is too. Once you've
received the CA certificate, edit your ldap.conf file and add
TLS_CACERT=path to CA cert.
See man ldap.conf for more info.
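The mistake in the original post is a CA path that is set (LDAPTLS_CACERT=./cert) while the file it names is empty or absent, so the client cannot verify the server. Here is an added shell example, not from this thread or from OpenLDAP, that resolves which CA file an OpenLDAP client would use and checks that it is actually usable; it assumes the ldap.conf(5) rule that LDAPTLS_CACERT in the environment overrides a TLS_CACERT line in ldap.conf, and the paths and sample ldap.conf are constructed.

```shell
#!/bin/sh
# Added example, not from this thread or from OpenLDAP: find out which CA
# certificate file an OpenLDAP client will use and check that it is usable.
# Assumption (from ldap.conf(5)): LDAPTLS_CACERT in the environment overrides
# a "TLS_CACERT <filename>" line in ldap.conf (keyword and value are
# whitespace-separated; option names are case-insensitive).

# resolve_cacert CONF: print the CA file path the client would use.
# Returns 1 when neither the environment nor CONF names one.
resolve_cacert() {
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        printf '%s\n' "$LDAPTLS_CACERT"
        return 0
    fi
    [ -r "$1" ] || return 1
    awk 'toupper($1) == "TLS_CACERT" && NF >= 2 { print $2; found = 1 }
         END { exit !found }' "$1"
}

# check_cacert FILE: 0 if FILE is readable and holds at least one PEM
# certificate; 1 if missing or unreadable; 2 if present but without any
# certificate (an empty "./cert" created by hand fails this way).
check_cacert() {
    if [ ! -r "$1" ]; then
        echo "CA cert file '$1' is missing or unreadable" >&2
        return 1
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo "CA cert file '$1' contains no PEM certificate" >&2
        return 2
    fi
    return 0
}

# verify_client_tls CONF: resolve the path, then validate the file it names.
# This is the check to run before retrying "ldapsearch -ZZ" or
# ldap_start_tls_s() in a program.
verify_client_tls() {
    cafile=$(resolve_cacert "$1") || {
        echo "no TLS_CACERT in '$1' and LDAPTLS_CACERT is unset" >&2
        return 1
    }
    check_cacert "$cafile"
}
```

Run verify_client_tls against the ldap.conf the tools read, or with LDAPTLS_CACERT exported the same way the program sets it, so both paths are checked.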