RE: problem with ldapsearch/TLS  ( or Fedora Core 2?? )
Looking at the last statement of the debugging output.
If you were to search Google using the info "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure",
you would notice that Howard has highlighted a common misunderstanding that many have: TLS uses port 389, not 636:
http://www.openldap.org/lists/openldap-software/200404/msg00364.html
Could you please check if there is a port 636 statement in ldap.conf (at client or server if you do a local test); that should be changed to "PORT 389", or delete this "PORT 636" statement to use the implied default, which is PORT 389.
slapd should also be listening on port 389.
Gary
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Barrow H Kwan
Sent: Saturday, October 23, 2004 10:15 AM
To: Jeff Warnica
Sent by: owner-openldap-software@OpenLDAP.org
10/22/2004 07:50 PM
To: Barrow H Kwan
cc: OpenLdap Software List
Subject: Re: problem with ldapsearch/TLS ( or Fedora Core 2?? )
On Thu, 2004-21-10 at 19:16 -0700, Barrow H Kwan wrote:
>
> [root@myhost root]# ldapsearch -H ldap://myhost.domain.com -D
>  uid=user1,ou=People,dc=Corporate,dc=Domain,dc=COM -x -W -ZZ
>  ldap_start_tls: Connect error (91)
>         additional info: error:14090086:SSL
>  routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> : is it a problem with ldapsearch ?
Unlikely. Does ldapsearch know about your CA certs? Note
that /etc/ldap.conf is for pam/nss _only_, everything else uses,
i.e., /etc/openldap/ldap.conf ... at least with all the RH/Fedora RPMs.
If that doesn't work, run ldapsearch with "-d -1" and see if that gives
any hits.
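
The two checks suggested in this thread (a PORT 636 setting used together with StartTLS, and a client that does not know the CA certificate) can be run against a client ldap.conf with a short script. This is an added example, not code from the list or from the OpenLDAP project; the function name, finding labels and sample config are hypothetical, and the config path is whatever you pass in (for example /etc/openldap/ldap.conf on the RH/Fedora RPMs mentioned above).

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenLDAP client ldap.conf.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE: $conf"; return 2; }
    rc=0
    # Option names are case-insensitive; the last PORT directive is used here.
    port=$(awk 'toupper($1) == "PORT" { p = $2 } END { print p }' "$conf")
    if [ "$port" = "636" ]; then
        echo "PORT_636: StartTLS (-ZZ) runs on the plain LDAP port, default 389"
        rc=1
    fi
    # An ldap:// URI that names port 636 has the same effect as PORT 636.
    if awk 'toupper($1) == "URI"' "$conf" |
        grep -Eq 'ldap://[^ /]*:636([^0-9]|$)'; then
        echo "URI_636: ldap:// URI targets port 636"
        rc=1
    fi
    # Without a CA file or directory the server certificate cannot be verified.
    cacert=$(awk 'toupper($1) == "TLS_CACERT" { f = $2 } END { print f }' "$conf")
    cadir=$(awk 'toupper($1) == "TLS_CACERTDIR" { d = $2 } END { print d }' "$conf")
    if [ -z "$cacert" ] && [ -z "$cadir" ]; then
        echo "NO_CA: neither TLS_CACERT nor TLS_CACERTDIR is set"
        rc=1
    elif [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "CA_MISSING: TLS_CACERT file not readable: $cacert"
        rc=1
    fi
    return $rc
}

# Constructed sample config (not from the thread) that shows both findings.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'BASE dc=example,dc=com' 'port 636' > "$sample"
audit_ldap_conf "$sample" || true
rm -f "$sample"
```

A clean result only means the file has no PORT 636 and names a readable CA source; it does not confirm that the CA actually signed the server's certificate.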