[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap not finding internal CA?

Kurt Yoder wrote:
Hello all,

On Ubuntu, I have set up an LDAP server and am authenticating to it
over SSL for my LDAP queries. I had it working on previous Ubuntu
releases, but something seems to have changed in the newest release
(maybe this: http://www.debian-administration.org/users/dkg/weblog/
42). I am having trouble figuring out exactly what is breaking.

Some background: I have set up my own CA and generated a certificate
for it, which the LDAP server is using. Without specifying this CA, I
get "self-signed certificate" errors when connecting:

My openldap is version 2.4.15 on Ubuntu Jaunty. Interestingly, I had
the same message about self-signed certificates on previous Ubuntu
versions, but querying ldap with "TLS_REQCERT demand" works fine.

Always START by listing your software versions, don't bury them towards the bottom of your email.

The GnuTLS issues with X.509v1 certs were fixed in 2.4.16, so you need to upgrade.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/