Using truss, I see that ldapsearch looks for ldap.conf in the right place:
# truss ldapsearch -Z -h ldap.domain.com
.................
open("/etc/hosts",O_RDONLY,0666) = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=49352,size=274,blksize=4096 }) = 0 (0x0)
read(3,"::1\t\t\tlocalhost localhost.dom"...,4096) = 274 (0x112)
close(3) = 0 (0x0)
open("/usr/local/etc/openldap/ldap.conf",O_RDONLY,0666) = 3 (0x3) <----------------------- here it is - this file has no variables defined
fstat(3,{ mode=-rw-r--r-- ,inode=219345,size=245,blksize=4096 }) = 0 (0x0)
read(3,"#\n# LDAP Defaults\n#\n\n# See l"...,4096) = 245 (0xf5)
read(3,0x801325000,4096) = 0 (0x0)
close(3) = 0 (0x0)
geteuid(0x0,0x801300398,0x2,0x514c50,0x514c50,0x801300000) = 0 (0x0)
getuid(0x0,0x801300398,0x2,0x80102a6ac,0xffffffff80b6a880,0x7fffffffe048) = 0 (0x0)
open("/root/ldaprc",O_RDONLY,0666) ERR#2 'No such file or directory'
open("/root/.ldaprc",O_RDONLY,0666) ERR#2 'No such file or directory'
open("ldaprc",O_RDONLY,0666) ERR#2 'No such file or directory'
open("/usr/local/etc/ldap.conf",O_RDONLY,0666) = 3 (0x3) <----------------------- here it is - this file has all configuration including certificates
fstat(3,{ mode=-r--r--r-- ,inode=220275,size=9338,blksize=4096 }) = 0 (0x0)
read(3,"# @(#)$Id: ldap.conf,v 1.38 2006"...,4096) = 4096 (0x1000)
read(3,"change\n# extended operation to "...,4096) = 4096 (0x1000)
read(3,"rver certificate verification\n#"...,4096) = 1146 (0x47a)
read(3,0x801325000,4096) = 0 (0x0)
close(3) = 0 (0x0)
sigaction(SIGPIPE,{ SIG_IGN SA_RESTART ss_t },{ SIG_DFL 0x0 ss_t }) = 0 (0x0)
stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=49395,size=350,blksize=4096 }) = 0 (0x0)
open("/etc/hosts",O_RDONLY,0666) = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=49352,size=274,blksize=4096 }) = 0 (0x0)
read(3,"::1\t\t\tlocalhost localhost.dom"...,4096) = 274 (0x112)
read(3,0x80133e000,4096) = 0 (0x0)
close(3) = 0 (0x0)
........................
2010/9/16 Dieter Kluenter dieter@dkluenter.de:
c0re nr1c0re@gmail.com writes:
I tried to test with ldapsearch, but it ignores ldap.conf somehow (where the CA certificate is defined) and I always receive
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
Tried with ldapsearch -Z -d 1 -h ldap.domain.com
[...]
ldapsearch is not ignoring ldap.conf; it always looks for this file either in the built-in path or via the environment variables LDAPRC and LDAPCONF. It seems you have placed ldap.conf in an inappropriate directory.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
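
The trace in this thread shows two different files named ldap.conf being opened. As an added example (not part of the original messages), the script below reports which ldap.conf-style files actually set the TLS_CACERT or TLS_CACERTDIR option. The function name `ldap_ca_report`, the sandbox layout and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. It reports which ldap.conf-style files
# set a CA certificate option for LDAP clients such as ldapsearch.

# For each file print "<file>: TLS_CACERT <path>" (or TLS_CACERTDIR) per
# matching line, "<file>: none" if it is readable but has no such line,
# and "<file>: missing" if it cannot be read.
ldap_ca_report() {
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: missing"
            continue
        fi
        # Option names are case-insensitive; '#' lines and blanks are skipped.
        awk -v f="$f" '
            /^#/ || NF == 0 { next }
            toupper($1) == "TLS_CACERT" || toupper($1) == "TLS_CACERTDIR" {
                print f ": " toupper($1) " " $2; found = 1
            }
            END { if (!found) print f ": none" }' "$f"
    done
}

# Constructed sandbox mirroring the paths seen in the truss output.
sandbox=$(mktemp -d)
trap 'rm -rf "$sandbox"' EXIT
mkdir -p "$sandbox/usr/local/etc/openldap" "$sandbox/root"
# Constructed contents: defaults file with the CA option commented out.
printf '#\n# LDAP Defaults\n#\n\n#TLS_CACERT /commented/out.pem\n' \
    > "$sandbox/usr/local/etc/openldap/ldap.conf"
# Constructed contents: second file that does set a CA path (placeholder).
printf 'uri ldap://ldap.domain.com\ntls_cacert /usr/local/etc/ssl/ca.pem\n' \
    > "$sandbox/usr/local/etc/ldap.conf"

# Files listed in the order the trace shows them being opened.
ldap_ca_report \
    "$sandbox/usr/local/etc/openldap/ldap.conf" \
    "$sandbox/root/ldaprc" \
    "$sandbox/root/.ldaprc" \
    "$sandbox/usr/local/etc/ldap.conf"
```

On a real host, pass the actual paths from the trace instead of the sandbox copies.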