Re: backend-meta usage
OK, a couple long shots (I don't really believe these, but they should be
quick to try and since you're not working anyway they shouldn't hurt)...

Do TLSCACertificateFile and/or TLSCACertificatePath match TLS_CACERT
and/or TLS_CACERTDIR? Can you make them that way?

Can you verify somehow that the ldap.conf you expect to be read is indeed
being read? That there's no ~/.ldaprc in the way?

"TLS_REQCERT never" should set the library to its most liberal; it's
somewhat surprising that it's still complaining about CA in that case.

On Wed, 24 Jan 2007, Stephen Agar wrote:
I appreciate everyone's advice, I have verified that as the same uid "user
ldap", I CAN connect to the external LDAP server via "ldapwhoami over
ldaps://" but when connecting to localhost and attempting to use the "meta"
definition, it doesn't work.

I don't have a copy of the cacert on the external server, I just have a
self-signed setup on my own openldap box. Do I need to get a copy of their
cacert.pem and configure that in my ldap.conf?

I haven't had a chance to look at the strace/truss output yet, but will post
when I do.
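
The two checks suggested in the reply above (is a ~/.ldaprc in the way, and do TLSCACertificateFile/TLSCACertificatePath match TLS_CACERT/TLS_CACERTDIR) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the file search order is assumed from ldap.conf(5), and the sample files and paths are constructed.

```python
import os, pathlib, tempfile

# slapd.conf directive -> ldap.conf option: the pairs the message asks about
PAIRS = {"tlscacertificatefile": "tls_cacert", "tlscacertificatepath": "tls_cacertdir"}

def read_options(path):
    """Parse a slapd.conf/ldap.conf style file into {lowercased keyword: value}."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                opts[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return opts

def client_config_files(system_conf, home, cwd, env):
    """Existing files libldap would consult, in order (assumed from ldap.conf(5))."""
    names = [system_conf, os.path.join(home, "ldaprc"),
             os.path.join(home, ".ldaprc"), os.path.join(cwd, "ldaprc")]
    if env.get("LDAPCONF"):
        names.append(os.path.join(cwd, env["LDAPCONF"]))
    if env.get("LDAPRC"):
        rc = env["LDAPRC"]
        names += [os.path.join(home, rc), os.path.join(home, "." + rc), os.path.join(cwd, rc)]
    return [n for n in names if os.path.isfile(n)]

def compare(slapd_conf, files):
    """Map each slapd directive to (slapd value, client value, client source file, match)."""
    server, client = read_options(slapd_conf), {}
    for path in files:  # later files override earlier ones
        for key, value in read_options(path).items():
            client[key] = (value, path)
    result = {}
    for s_key, c_key in PAIRS.items():
        c_val, src = client.get(c_key, (None, None))
        result[s_key] = (server.get(s_key), c_val, src, server.get(s_key) == c_val)
    return result

def demo():
    """Constructed sample: a stray ~/.ldaprc overrides the system ldap.conf."""
    d = pathlib.Path(tempfile.mkdtemp())
    (d / "slapd.conf").write_text("TLSCACertificateFile /etc/ssl/ca.pem\n")
    (d / "ldap.conf").write_text("TLS_CACERT /etc/ssl/ca.pem\nTLS_REQCERT never\n")
    (d / ".ldaprc").write_text("# leftover\nTLS_CACERT /home/ldap/old-ca.pem\n")
    return compare(d / "slapd.conf", client_config_files(d / "ldap.conf", d, d, {}))

if __name__ == "__main__":
    for directive, row in demo().items():
        print(directive, row)
```

To use it on a real host, call `client_config_files` with the build's actual ldap.conf path, the home directory and working directory of the user slapd runs as, and that process's environment.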