[Freeipa-users] FreeIPA 2.1 - Authenticated LDAP search

Rob Crittenden rcritten at redhat.com
Wed Sep 14 19:08:27 UTC 2011


Dan Scott wrote:
> Hi,
>
> I'm trying to perform an authenticated LDAP search against a FreeIPA
> server (Fedora 15, freeipa-server-2.1.0-1.fc15.x86_64).
>
> When I run:
>
> [root at kelvin ~]# ldapsearch -D
> "uid=guser,cn=users,cn=accounts,dc=example,dc=com" -w 'guserpassword'
> -b "cn=accounts,dc=example,dc=com" -h kelvin.example.com -v
> "uid=guser" -ZZ -c -d1
>
> I receive the following error:
>
> ldap_start_tls: Connect error (-11)
>          additional info: TLS error -8172:Unknown code ___f 20
>
> Full details shown in attachment.
>
> Can anyone help me figure out what I'm doing wrong?

The IPA CA cert isn't in the default CA bundle, so you need to either set 
this in /etc/openldap/ldap.conf or pass it on the command line:

LDAPTLS_CACERT=/etc/ipa/ca.crt ldapsearch ...

The error is less than desirable, for sure. -8172 is an NSS error 
message meaning the Certificate is signed by an untrusted issuer.

rob
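The fix described above, worked into a small shell script as an added example (this is not code from the thread or from the FreeIPA project). It assumes the IPA CA is at /etc/ipa/ca.crt as it is on an enrolled client, the host name and bind DN from the original question, and an openssl that understands "-starttls ldap" (OpenSSL 1.1.0 or later) for the probe step; it also uses -W instead of -w so the password stays out of the process list and shell history.

```sh
#!/bin/sh
# Added example (not from the original thread): diagnose and fix the
# "TLS error -8172" (untrusted issuer) seen when ldapsearch does StartTLS
# against a FreeIPA server whose CA is not in the system CA bundle.
# Assumptions: IPA CA at /etc/ipa/ca.crt, server kelvin.example.com, and
# the bind DN / base DN from the original question.

IPA_CA=${IPA_CA:-/etc/ipa/ca.crt}

# Return 0 if FILE is readable and holds at least one PEM certificate block.
# A missing or empty CA file produces the same opaque NSS error, so check
# this before blaming the server.
pem_has_cert() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Print the /etc/openldap/ldap.conf line that makes the CA setting
# permanent for every OpenLDAP client on the host (alternative to the
# LDAPTLS_CACERT environment variable, which overrides it when both are set).
ldap_conf_line() {
    printf 'TLS_CACERT %s\n' "$1"
}

# Probe the StartTLS handshake trusting only CA_FILE. "Verify return code:
# 0 (ok)" confirms the chain problem is solved before ldapsearch is
# involved. Needs network access to HOST:389 and OpenSSL >= 1.1.0.
probe_starttls() {  # HOST CA_FILE
    openssl s_client -connect "$1:389" -starttls ldap -CAfile "$2" </dev/null 2>/dev/null \
      | grep -q 'Verify return code: 0 (ok)'
}

# Authenticated search with the IPA CA passed through the environment, so
# nothing in /etc/openldap/ldap.conf has to change. -ZZ makes StartTLS
# mandatory; -W prompts for the bind password instead of taking it on the
# command line.
ipa_ldapsearch() {  # HOST BIND_DN BASE_DN FILTER
    pem_has_cert "$IPA_CA" || { echo "CA file $IPA_CA missing or not PEM" >&2; return 2; }
    LDAPTLS_CACERT="$IPA_CA" ldapsearch -ZZ -H "ldap://$1" -D "$2" -W -b "$3" "$4"
}

# Usage: only runs when IPA_HOST is set, so the functions above can be
# sourced and checked offline without a server.
if [ -n "${IPA_HOST:-}" ]; then
    probe_starttls "$IPA_HOST" "$IPA_CA" && echo "chain verifies against $IPA_CA"
    ipa_ldapsearch "$IPA_HOST" "uid=guser,cn=users,cn=accounts,dc=example,dc=com" \
        "cn=accounts,dc=example,dc=com" "uid=guser"
fi
```

If the probe verifies but ldapsearch still fails, check that the host name you connect to matches the server certificate's subject or SAN; TLS_REQCERT defaults to demand, so a name mismatch is rejected just like an untrusted issuer.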
