<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=153572701-18012006><FONT face=Arial
color=#0000ff size=2>all set, not sure why, but changing line in
/etc/openldap/ldap.conf to TLS_CACERT
/etc/openldap/cacerts/cacert.pem<BR> took care of it; thanks
again.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=153572701-18012006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=153572701-18012006><FONT face=Arial
color=#0000ff size=2>Aaron</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] <B>On Behalf Of </B>Bliss,
Aaron<BR><B>Sent:</B> Tuesday, January 17, 2006 7:47 PM<BR><B>To:</B>
fedora-directory-users@redhat.com<BR><B>Subject:</B> [Fedora-directory-users]
weird error when querying directory server<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=353243700-18012006>this works great from a redhat 4 box, however from my
redhat 3 box I receive the following
error:</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT face=Arial><FONT color=#0000ff><FONT
size=2>ldapsearch -x -ZZ '(uid<SPAN
class=353243700-18012006> =azb</SPAN>)'<BR><SPAN
class=353243700-18012006> </SPAN></FONT></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2>ldap_start_tls: Connect
error<BR> additional info: Start TLS
request accepted.Server willing to negotiate SSL.<SPAN
class=353243700-18012006> </SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN
class=353243700-18012006></SPAN></FONT></FONT></FONT></FONT> </DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN class=353243700-18012006>relevant entries of /etc/ldap.conf look
like this:</SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN class=353243700-18012006>pam_password md5<BR>ssl start_tls<BR>ssl
on<BR>tls_cacertfile /etc/openldap/cacerts/cacert.pem<BR>tls_cacertdir
/etc/openldap/cacerts/<BR></SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN class=353243700-18012006>client has read and execute to the ca
certificate</SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN
class=353243700-18012006></SPAN></FONT></FONT></FONT></FONT> </DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN class=353243700-18012006>relavent entries of
/etc/openldap/ldap.conf</SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN class=353243700-18012006>TLS_CACERTDIR
/etc/openldap/cacerts<BR>TLS_REQCERT
allow<BR></SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN class=353243700-18012006>I'm just trying to verify that ssl logins
are working from the redhat 3 box; secure logins from the redhat 4 box work
fine. Thanks very much for your
help.</SPAN></FONT></FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN
class=353243700-18012006></SPAN></FONT></FONT></FONT></FONT> </DIV>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN
class=353243700-18012006>Aaron</DIV></SPAN></FONT></FONT></FONT></FONT>
<DIV><FONT size=+0><FONT size=+0><FONT size=+0><FONT face=Arial color=#0000ff
size=2><SPAN
class=353243700-18012006></SPAN><BR> </DIV></FONT></FONT></FONT></FONT><!--[object_id=#preferredcare.org#]-->
<P align=left><FONT face=Tahoma size=2><FONT color=#0000ff><A
href="http://www.preferredcare.org">www.preferredcare.org</A><BR>"An Outstanding
Member Experience," Preferred Care HMO Plans -- J. D. Power and
Associates</FONT></FONT></P>
<P align=left><FONT face=Tahoma size=2><FONT color=#0000ff>Confidentiality
Notice:<BR>The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may contain
privileged or confidential information. If the reader of this message is
not the intended recipient or the employee or agent responsible to deliver it to
the intended recipient, you are hereby notified that dissemination, distribution
or copying of this information is prohibited. If you have received this
communication in error, please notify the sender immediately by telephone and
destroy the copies you received.</FONT></FONT></P></BODY></HTML>