LDAP server running on FC1, gq clients running on RH9 and FC1.
When I select Enable TLS in gq server setup on the RH9 clients my LDAP searches work fine.
When I do the same on the FC1 clients I get an error like:
Couldn't enable TLS on the LDAP connection. Connection error Additional error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
All RH9 clients work fine, all FC1 clients fail. Anyone have any guesses?
I copied a non-working .gq config file from FC1 to a RH9 user's dir and ran gq and then ran a search and the search worked. I feel like maybe FC1 is missing something, but I cannot figure out what.
I don't know anything about gq, but if it uses openldap then that has changed in version 2.1 (which is what FC1 ships with) such that the default action is to verify the server CA chain. If your server cert. isn't signed by a trusted CA then this verify will fail with the above error.
You can change the default action for openldap in /etc/ldap.conf by adding the line:
tls_reqcert allow
HTH
-- Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK E-mail : nmw@xxxxxxxxxxxx Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
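
A check for the setting discussed in this thread, added here as an example and not part of the original messages: it reads an OpenLDAP client config file and reports whether `tls_reqcert` is at a level that does not reject a server certificate failing verification, or whether verification is on but no CA is configured in that file. The function name, sample files and CA path are constructed for illustration, and treating the last occurrence of an option as the effective one is an assumption.

```shell
#!/bin/sh
# audit_ldap_tls FILE
# Reports how an OpenLDAP client config file treats the server certificate.
# Assumptions of this sketch: option names are matched case-insensitively and
# the last occurrence of an option in the file is the one that counts.
audit_ldap_tls() {
    awk '
        /^[ \t]*#/ { next }            # comment line
        NF == 0    { next }            # blank line
        {
            key = toupper($1)
            if (key == "TLS_REQCERT") reqcert = tolower($2)
            if (key == "TLS_CACERT" || key == "TLS_CACERTDIR") ca = $2
        }
        END {
            # With no tls_reqcert line the client verifies the chain (demand).
            if (reqcert == "") reqcert = "demand"
            if (reqcert == "never" || reqcert == "allow")
                print "WEAK: tls_reqcert " reqcert " does not reject a server certificate that fails verification"
            else if (ca == "")
                print "INCOMPLETE: tls_reqcert " reqcert " but no TLS_CACERT/TLS_CACERTDIR in this file"
            else
                print "OK: tls_reqcert " reqcert ", CA from " ca
        }' "$1"
}

# Constructed sample configs (paths and names are made up for the demo).
demo_dir=$(mktemp -d)
printf '%s\n' '# workaround from the thread' 'tls_reqcert allow' > "$demo_dir/workaround.conf"
printf '%s\n' 'TLS_CACERT /etc/openldap/cacerts/site-ca.pem' 'TLS_REQCERT demand' > "$demo_dir/trusted-ca.conf"

for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(audit_ldap_tls "$f")"
done
```

A CA can also be supplied outside the audited file (for example a per-user config), so an INCOMPLETE result means "look further", not "broken".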