
Re: ldap_start_tls_s() usage related errors

dhiraj.prasad@tcs.com writes:

> Hello,
> I have configured LDAP server on linux with TLS support and was able to
> fetch data from it using the 'ldapsearch' utility.
> However, when i tried to do this searching via code i got following errors:
> Error at Server Side:
> slap_listener_activate(10):
>>>> slap_listener(ldaps://)
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:1053
> Error at Client side:
> [root@localhost LDAP1]# ./ldapSearch

> TLS certificate verification: Error, self signed certificate in certificate
> chain
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect.
> ldap_err2string

> Failure of LDAP bind -1-Can't contact LDAP server
> [root@localhost LDAP1]#
> ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "/root/cacert.pem");

The error is so obvious, I presume that slapd and users cannot read
the cacert.pem. Put the CA in a place which can be accessed by all


Dieter Klünter | Systemberatung