[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Other system use port 636 connect LDAP Server Error

To: Tian Zhiying <tianzy1225@thundersoft.com>
Subject: Re: Other system use port 636 connect LDAP Server Error
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Thu, 26 Sep 2013 11:19:06 -0400 (EDT)
Cc: openldap-technical <openldap-technical@openldap.org>
In-reply-to: <2013092616353831259123@thundersoft.com>
References: <2013092616353831259123@thundersoft.com>
User-agent: Alpine 2.02 (SOC 1266 2009-07-14)

On Thu, 26 Sep 2013, Tian Zhiying wrote:

# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The ldapsearch(1) client on that host is unable to verify the certificatepresented. See the ldap.conf(5) man page, focusing on the directivesTLS_CA*.


Trying something like:

  openssl s_client -connect 192.168.1.10:636 -CAfile /dev/null

and experimenting with appropriate values for "/dev/null" may be helpful.

References:
- Other system use port 636 connect LDAP Server Error
  - From: "Tian Zhiying" <tianzy1225@thundersoft.com>

Prev by Date: Re: Changing domain name
Next by Date: Re: Other system use port 636 connect LDAP Server Error
Index(es):
- Chronological
- Thread