[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS problems

I have this weird problem with TLS configuration. I have this LDAP
server working for a long time but without any use off TLS/SSL. So I
decided to set it up to use TLS. I created a server.pem that i placed in
/etc/ssl/openldap an configured slapd.conf and ldap.conf as I show later

All seemed well if it wasn't for the following problem. 
If I execute this command line: 
ldapsearch -LLL -H ldaps://fqdn/ -x -D"cn=root,dc=dcc"
-b"dc=alunos,dc=dcc" -W

as root it works and with some other user it doesn't.

As root I get all my entries in my subtree (expected) and with any other
user I get: 

ldap_bind: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

(I'm only displaying the lines I added to my working configuration)

My slapd.conf contains the following lines:

TLSCertificateFile      /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem


and my /etc/ldap.conf contains the following lines:

uri ldaps://fqdn/
ssl ssl start_tls


Pedro Silva