[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS LDAP Configuration w/Linux 5.0

Buchan Milne wrote:
On Thursday 21 February 2008 00:07:28 Mathis, Jim wrote:
OS: RH Enterprise Server 5.1
Server Certificates: Created using a Common Name of "S80.com"
Client Certificate: Copied "cacert.pem" from the server and placed into

uri ldaps://


URI ldaps://


ldapsearch -x 'uid=jmathis' -H ldaps://
ldap_bind: Can't contact LDAP server (-1)

The basic rules for SSL validation include "host name you connect to must match subject CN", so, if is S80.com, then -H ldaps://S80.com should work ... but I guess it isn't, so you need to generate a new cert with the name your clients connect to (hostname part of URI).]

Please remember to use the "-d" debug flag when investigating problems like this. There's a reason it's there.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/