[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Install CA Certificate
- To: <openldap-software@openldap.org>
- Subject: RE: Install CA Certificate
- From: "Aaron Smith" <Aaron.Smith@kzoo.edu>
- Date: Fri, 13 Oct 2006 08:57:12 -0400
- Content-class: urn:content-classes:message
- Thread-index: AcbujWgpwC4xlb2NQSK4n5G5GaXEUAAOYvQg
- Thread-topic: Install CA Certificate
Ah, but I'm trying to get this client to connect to Active Directory on
a Microsoft Domain controller, not OpenLdap slapd. :) But Aaron
Richter found my problem.
--------------------------------------------------------------------
Aaron Smith Aaron.Smith@kzoo.edu
System Administrator (269) 337-7496
Kalamazoo College
-----Original Message-----
From: Francisco Saito [mailto:fksaito@gmail.com]
Sent: Friday, October 13, 2006 2:04 AM
To: Aaron Richton
Cc: Aaron Smith; openldap-software@openldap.org
Subject: Re: Install CA Certificate
Hello,
Can you show your slapd.conf? Your client side configuration looks ok.
But have you said to slapd where are the certs?
http://www.openldap.org/doc/admin23/tls.html
Thanks,
Francisco Saito
On 10/12/06, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> > Where do I need to put a CA certificate so that Openldap can find it
> > properly? I have openldap version 2.3.27 that was compiled using
> > openssl support on a Solaris 10 machine. Trying to do secure LDAP
> > transactions with ldapsearch results in
> >
> > SSL initialization failed: error -8192 (An I/O error occurred during
> > security authorization.)
>
> I'd try "-d -1" to see what the client is thinking, or possibly truss
to
> see if you and it are disagreeing as to the location of ldap.conf, and
(if
> ldap.conf is getting opened properly) to see if the open() on the
CACERT
> is working.
>
> With that said, I don't think I've ever seen a message like that from
> OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's
> /usr/bin/ldapsearch instead?
>