Mysteries of openldap
Timothy Murphy
tim at birdsnest.maths.tcd.ie
Sat Dec 1 13:23:47 UTC 2007
Anthony Messina wrote:
> if you're doing a command line test like ldapsearch, you'll have to add
> -ZZ to enforce TLS encryption with the search.
Yes, thanks, I had discovered that after some time.
I find I can access the ldap directory from the desktop
on which the openldap server is running:
-------------------------
[tim at alfred ~]$ ldapsearch -x -ZZ
# extended LDIF
...
# search result
search: 3
result: 0 Success
# numResponses: 7
# numEntries: 6
-------------------------
but not from my laptop:
-------------------------
[tim at elizabeth ~]$ ldapsearch -x -ZZ
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
-------------------------
I've never really understood this certificate business.
Is there a simple tutorial on that anywhere?
One minor source of confusion is that Fedora
seems to keep certificates in /etc/pki/tls/
whereas all the openldap documentation I have looked at
seems to expect them in other /etc/ directories.
But thanks very much for your help.
I am making progress, slowly but surely.
More information about the fedora-list
mailing list