GQ to LDAP on FC1

Nigel Wade nmw at ion.le.ac.uk
Mon Apr 19 15:47:36 UTC 2004


Patrick Nelson wrote:
> LDAP server running on FC1, gq clients running on RH9 and FC1.
> 
> When I select Enable TLS in gq server setup on the RH9 clients my LDAP
> searches work fine.
> 
> When I do the same on the FC1 clients I get an error like:
> 
> Couldn't enable TLS on the LDAP connection.  Connection error
> Additional error: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 
> All RH9 clients work fine, all FC1 clients fail.  Anyone have any
> guesses?  
> 
> I copied a non-working .gq config file from FC1 to a RH9 users dir and
> ran gq and then ran a search and the search worked.  I feel like maybe
> FC1 is missing something, but I can not figure out what.
> 
> 

I don't know anything about gq, but if it uses OpenLDAP then that has 
changed in version 2.1 (which is what FC1 ships with) so that the default 
action is to verify the server's CA chain. If your server cert isn't signed 
by a trusted CA then this verification will fail with the above error.

You can change the default action for openldap in /etc/ldap.conf by adding 
the line:

tls_reqcert allow

HTH

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
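
What is going on in the thread is that the FC1 clients have never been
told about the CA that issued the server certificate, so the (now default)
chain check fails. "tls_reqcert allow" makes the error go away by turning
that check off, which also means anyone between client and server can
present their own certificate and read bind passwords and search results.
The following is an added example (my own, not code from the thread or
from OpenLDAP) that reproduces the verify failure offline with a throwaway
CA, then shows the weak setting next to the fix that keeps verification on
(TLS_CACERT pointing at the CA). It assumes the openssl CLI is installed;
the CA name, the host ldap.example.test, the paths under $WORK and the
client_decision function (a stand-in for libldap's TLS_REQCERT handling,
not libldap itself) are all made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the fedora-list thread.  Assumes the `openssl`
# CLI is on PATH.  The CA name, the host ldap.example.test and every path
# under $WORK are made up for the demo.
set -e
WORK="${WORK:-$(mktemp -d)}"

# Constructed test PKI: a private CA and an LDAP server certificate it signs.
# This is the situation in the thread: the server cert is fine, but the
# clients have never been told about the CA that issued it.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 2 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" >/dev/null 2>&1
}

# Exit 0 if server.crt chains to the CA file in $1.  With $1 empty only the
# system trust store is consulted, which is what a client with no TLS_CACERT
# sees; the private CA is not in there, so this is the failing FC1 case.
verify_chain() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$1" "$WORK/server.crt" >/dev/null 2>&1
  else
    openssl verify "$WORK/server.crt" >/dev/null 2>&1
  fi
}

# Same check, reported as a word so callers can compare it.
chain_status() {
  if verify_chain "$1"; then echo verified; else echo "verify failed"; fi
}

# The two ways to make the error go away, written as OpenLDAP ldap.conf
# fragments (keywords are case-insensitive, so tls_reqcert works too).
write_configs() {
  # Weak: accept any certificate.  The search will work, but a man in the
  # middle can present its own cert and read every bind password.
  printf 'URI ldaps://ldap.example.test\nTLS_REQCERT allow\n' \
    > "$WORK/ldap.conf.weak"
  # Fixed: give the client the CA and keep verification on.
  printf 'URI ldaps://ldap.example.test\nTLS_CACERT %s\nTLS_REQCERT demand\n' \
    "$WORK/ca.crt" > "$WORK/ldap.conf.fixed"
}

# Simulation (not libldap itself) of what a client reading ldap.conf $1 does
# with this server cert: "connect" or "reject".  never/allow tolerate an
# unverifiable cert; try/demand do not, and demand is the default, which is
# why OpenLDAP 2.1 clients started failing where older ones connected.
client_decision() {
  reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$1")
  cacert=$(awk 'toupper($1)=="TLS_CACERT"{print $2}' "$1")
  case "${reqcert:-demand}" in
    never|allow) echo connect ;;
    try|demand)  if verify_chain "$cacert"; then echo connect; else echo reject; fi ;;
    *)           echo reject ;;
  esac
}

make_pki
write_configs
printf 'no CA configured : %s\n' "$(chain_status "")"
printf 'CA configured    : %s\n' "$(chain_status "$WORK/ca.crt")"
printf 'TLS_REQCERT allow: %s\n' "$(client_decision "$WORK/ldap.conf.weak")"
printf 'TLS_CACERT+demand: %s\n' "$(client_decision "$WORK/ldap.conf.fixed")"
```

On a real client the equivalent diagnosis is to fetch the server
certificate and run "openssl verify -CAfile /path/to/ca.crt server.crt";
if that fails, copy the CA certificate to the client and point TLS_CACERT
at it in the OpenLDAP client ldap.conf rather than lowering TLS_REQCERT.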