
Re: ldap not finding internal CA?



Kurt Yoder wrote:
> Hello all,
>
> On Ubuntu, I have set up an LDAP server and am authenticating to it
> over SSL for my LDAP queries. I had it working on previous Ubuntu
> releases, but something seems to have changed in the newest release
> (maybe this: http://www.debian-administration.org/users/dkg/weblog/42).
> I am having trouble figuring out exactly what is breaking.
>
> Some background: I have set up my own CA and generated a certificate
> for it, which the LDAP server is using. Without specifying this CA, I
> get "self-signed certificate" errors when connecting:
>
> My openldap is version 2.4.15 on Ubuntu Jaunty. Interestingly, I had
> the same message about self-signed certificates on previous Ubuntu
> versions, but querying ldap with "TLS_REQCERT demand" works fine.

Always START by listing your software versions, don't bury them towards the bottom of your email.

The GnuTLS issues with X.509v1 certs were fixed in 2.4.16, so you need to upgrade.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/