[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: backend-meta usage

OK, a couple long shots (I don't really believe these, but they should be quick to try and since you're not working anyway they shouldn't hurt)...

Do TLSCACertificateFile and/or TLSCACertificatePath match TLS_CACERT and/or TLS_CACERTDIR? Can you make them that way?

Can you verify somehow that the ldap.conf you expect to be read is indeed being read? That there's no ~/.ldaprc in the way?

"TLS_REQCERT never" should set the library to its most liberal; it's somewhat surprising that it's still complaining about CA in that case.

On Wed, 24 Jan 2007, Stephen Agar wrote:

I appreciate everyone's advice, I have verified that as the same uid "user
ldap", i CAN connect to the external LDAP server via "ldapwhoami over
ldaps://" but when connecting to localhost and attempting to use the "meta"
definition, it doesn't work.

I don't have a copy of the cacert on the external server, i just have a self
signed setup on my own openldap box. Do I need to get a copy of their
cacert.pem and configure that in my ldap.conf?

I haven't had a chance to look at the strace/truss output yet, but will post
when I do.