[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: openldap-technical Digest, Vol 70, Issue 20

>Message: 12
>Date: Thu, 26 Sep 2013 16:35:38 +0800
>From: "Tian Zhiying" <tianzy1225@thundersoft.com>
>To: openldap-technical <openldap-technical@openldap.org>
>Cc: tianzy1225 <tianzy1225@thundersoft.com>
>Subject: Other system use port 636 connect LDAP Server Error
>Message-ID: <2013092616353831259123@thundersoft.com>
>Content-Type: text/plain; charset="us-ascii"


>In ldap server(localhost) , I execute  the below command , it ok.
># ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps:// -W

>But in other linux system is not ok, below is the error info:
># ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps:// -W
>ldap_bind: Can't contact LDAP server (-1)
 >       additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

>LDAP Server is Centos 5.8 64 OS, iptables serverice is closed state. What is the cause?

>You have any Suggestions?  Thanks.

Because the telnet test worked then I would look at your client config files on that hosts in addition to seeing if the file size/permission of the cert matches the size on the other client that is working. Also try ldapsearch -x -d 1 and see what the output shows.