Hi everyone,
I am trying to set up and openLDAP server for centralized
authentication. I used self-signed certificate and put the generated
server.pem file in the slapd.conf, then i checked it using the
following command:
$openssl s_client -connect localhost:636 -showcerts
and i got :
Verify return code: 18 (self signed certificate)
which, as i read, indicates that things fine with the server.
Next, i tired:
$ldapsearch -x "uid=user1"
and i got :
============
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=user1
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
=============
Even though there's an entry with that uid, so i ran slapd in the
debug mode 9 using this command:
$/usr/sbin/slapd -d9 -h "ldap:/// ldaps:///" 1>/var/log/ldaplog 2>&1
and i did the ldapsearch again and got this from the log:
==========================
TLS trace:SSL_accept:error in SSLv3 read client certificate A
....
commection_read(14): unable to get TLS client DN, error=49 id=6
....
connection_read(14): input error=-2 id=6, closing.
==========================
I thought the error seen in the log could be related to the fact that
i didn't do anything on the client side to give it a certificate, so i
assigned the same server.pem file to the client in the
/etc/openldap/ldap.conf file as follows:
....
TLS_CACERT /etc/openldap/server.pem
TLS_REQCERT allow
....
and issued the ldapsearch command again, and i got this:
ldap_bind: Can't contact LDAP server (-1)
additional info: TLS: hostname does not match CN in peer certificate.
I am stuck here and don't know what to do, can any one help, please ?!