Re: Mysteries of openldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2007-12-01 at 13:23 +0000, Timothy Murphy wrote:
> Anthony Messina wrote:
> 
> > if you're doing a command line test like ldapsearch, you'll have to add
> > -ZZ to enforce TLS encryption with the search.
> 
> Yes, thanks, I had discovered that after some time.
> I find I can access the ldap directory from the desktop
> on which the openldap server is running:
> -------------------------
> [tim@alfred ~]$ ldapsearch -x -ZZ
> # extended LDIF
> ...
> # search result
> search: 3
> result: 0 Success
> 
> # numResponses: 7
> # numEntries: 6
> -------------------------
> but not from my laptop:
> -------------------------
> [tim@elizabeth ~]$ ldapsearch -x -ZZ
> ldap_start_tls: Connect error (-11)
>         additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> -------------------------
> 
> I've never really understood this certificate business.
> Is there a simple tutorial on that anywhere?
> 
> One minor source of confusion is that Fedora
> seems to keep certificates in /etc/pki/tls/
> whereas all the openldap documentation I have looked at
> seems to expect them in other /etc/ directories.
> 
> But thanks very much for your help.
> I am making progress, slowly but surely.
----
your laptop...contents of /etc/openldap/ldap.conf are probably the
issue...does it recognize your ca cert?

TLS_CACERT or TLS_CACERTDIR contain the ca cert?

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux