I set up OpenLDAP & MIT Kerberos successfully. I created a self-signed certificate for OpenLDAP and I configured the server to work only on ldaps. I migrated all existing users and groups to OpenLDAP. Everything was working just perfectly until I added a new group object using ldapadd and then deleted it using ldapdelete; since then, ldapsearch takes a very long time to complete. It returns the correct results, but only after a very long time. I tried ldapsearch -d8 to see what is going on and here are the errors I got:
TLS certificate verification: Error, self signed certificate
TLS certificate verification: depth: 0, err: 18, subject: [SOME INFORMATION HERE]
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
TLS trace: SSL3 alert write:warning:bad certificate
TLS: unable to get peer certificate.
Do you think the delay is related to the above? What is wrong with OpenLDAP? I did not touch any configuration, only ldapadd and ldapdelete! This piece of software is very unstable :( Please help.
Thank you
Amir