Where do I need to put a CA certificate so that Openldap can find it properly? I have openldap version 2.3.27 that was compiled using openssl support on a Solaris 10 machine. Trying to do secure LDAP transactions with ldapsearch results in
SSL initialization failed: error -8192 (An I/O error occurred during security authorization.)
Trying to do raw SSL connects (using openssl s_client -connect) fails, saying it can't find the local issuer certificate, but if I include the -CAfile option to tell it exactly where the CA cert is, then it works fine. My ldap.conf has the following entries, and I have double and triple checked the paths and file names:
TLS_REQCERT never
TLS_CACERT /etc/sfw/openssl/certs/cacert.pem
TLS_CACERTDIR /etc/sfw/openssl/certs
--------------------------------------------------------------------
Aaron Smith Aaron.Smith@kzoo.edu
System Administrator (269) 337-7496
Kalamazoo College
> Where do I need to put a CA certificate so that Openldap can find it properly? I have openldap version 2.3.27 that was compiled using openssl support on a Solaris 10 machine. Trying to do secure LDAP transactions with ldapsearch results in
> SSL initialization failed: error -8192 (An I/O error occurred during security authorization.)
I'd try "-d -1" to see what the client is thinking, or possibly truss to see if you and it are disagreeing as to the location of ldap.conf, and (if ldap.conf is getting opened properly) to see if the open() on the CACERT is working.
With that said, I don't think I've ever seen a message like that from OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's /usr/bin/ldapsearch instead?
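The file-level checks suggested above (is the CACERT readable, and what does the configuration actually ask for), as an added shell example that is not part of the original thread. `check_ldap_tls_conf` is a hypothetical helper that audits only the ldap.conf passed to it, and the demo input is constructed from the three TLS_* lines in the question.

```shell
# Added example, not from the thread. check_ldap_tls_conf is a hypothetical helper.
# Prints one finding per TLS_* line; returns 1 on any FAIL, 2 on WARN only, else 0.
check_ldap_tls_conf() {
    conf=$1; fails=0; warns=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    while read -r key value || [ -n "$key" ]; do
        # Keywords are case-insensitive; comments and blank lines match nothing.
        case $(printf '%s' "$key" | tr '[:lower:]' '[:upper:]') in
        TLS_CACERT)
            if [ ! -r "$value" ]; then
                echo "FAIL: TLS_CACERT $value is missing or unreadable"; fails=1
            elif ! grep -q 'BEGIN CERTIFICATE' "$value"; then
                echo "FAIL: TLS_CACERT $value holds no PEM certificate"; fails=1
            else
                echo "OK: TLS_CACERT $value is readable PEM"
            fi ;;
        TLS_CACERTDIR)
            # OpenSSL looks up CAs in a directory by subject-hash names (e.g. 1a2b3c4d.0).
            if [ ! -d "$value" ]; then
                echo "FAIL: TLS_CACERTDIR $value is not a directory"; fails=1
            elif ls "$value" | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'; then
                echo "OK: TLS_CACERTDIR $value has hashed entries"
            else
                echo "WARN: TLS_CACERTDIR $value has no <hash>.N entries"; warns=1
            fi ;;
        TLS_REQCERT)
            case $value in
            never|allow)
                echo "WARN: TLS_REQCERT $value accepts an unverified server certificate"
                warns=1 ;;
            *)  echo "OK: TLS_REQCERT $value" ;;
            esac ;;
        esac
    done < "$conf"
    [ "$fails" -eq 0 ] || return 1
    [ "$warns" -eq 0 ] || return 2
    return 0
}

# Constructed demo: the question's three ldap.conf lines, pointed at a temp directory.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$demo/cacert.pem"  # placeholder, not a real CA
printf 'TLS_REQCERT never\nTLS_CACERT %s/cacert.pem\nTLS_CACERTDIR %s\n' \
    "$demo" "$demo" > "$demo/ldap.conf"
check_ldap_tls_conf "$demo/ldap.conf" || echo "exit status $?"
```

This does not show which ldap.conf or which ldapsearch binary is actually in use; "-d -1" and truss remain the way to see that.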
Hello,
Can you show your slapd.conf? Your client-side configuration looks OK. But have you told slapd where the certs are? http://www.openldap.org/doc/admin23/tls.html
Thanks,
Francisco Saito
On 10/12/06, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> > Where do I need to put a CA certificate so that Openldap can find it properly? I have openldap version 2.3.27 that was compiled using openssl support on a Solaris 10 machine. Trying to do secure LDAP transactions with ldapsearch results in
> > SSL initialization failed: error -8192 (An I/O error occurred during security authorization.)
> I'd try "-d -1" to see what the client is thinking, or possibly truss to see if you and it are disagreeing as to the location of ldap.conf, and (if ldap.conf is getting opened properly) to see if the open() on the CACERT is working.
> With that said, I don't think I've ever seen a message like that from OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's /usr/bin/ldapsearch instead?
openldap-software@openldap.org