Hi all,
I'm trying to configure an LDAP server proxy with the translucent overlay; in this way I can add groups to users on the default LDAP server. Everything is ok until I try to use SSL:
LDAP Server (Solaris) <----(389 ldap)---> My OpenLDAP proxy <------(389 ldap)---> Client (everything ok)
When I try to use certificates and secure LDAP, I have a problem:
LDAP Server (Solaris) <----(389 ldap)---> My OpenLDAP proxy <------(636 ldaps)---> Client (still ok)
But I have no success when I try to configure 636 ldaps between the main LDAP server (on Solaris) and my OpenLDAP proxy :( the answer is "No such user".
My slapd.conf on my OpenLDAP proxy:
database bdb
suffix "dc=mycompany,dc=pt"
rootdn "cn=Admin,dc=mycompany,dc=pt"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {SSHA}blablabla

overlay translucent
#uri ldaps://solaris_ldap_server02:636
uri ldaps://solaris_ldap_server01:636
#uri ldap://solaris_ldap_server01
#uri ldap://solaris_ldap_server02
So, if I use "uri ldap://solaris_ldap_server01" everything is ok and wonderful, but if I want something more secure like "uri ldaps://solaris_ldap_server01:636" I get a "No such user" grrrrrr.
The beautiful part is that I have all the certificates and I can use ldapsearch (636 ldaps) with success against the solaris_ldap_server from my OpenLDAP proxy and/or from my Linux client, like: ldapsearch -H ldaps://solaris_ldap_server01:636 -x -b "dc=mycompany,dc=pt"
And if I configure a Linux client to connect directly to the Solaris server on port 636 ldaps (without my proxy), everything is ok and no problem.
When I run tcpdump on my LDAP proxy, the Solaris server answers with a "TLSv1 Record Layer: Alert (Level: Fatal, Description: Unknown CA)", but this is bull sheet, I have the correct certificate, otherwise I would not be able to do search queries.
The big question is, why does the "overlay translucent" (proxy) not work in secure mode? What am I doing wrong?
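As an added example (not the poster's configuration), the translucent overlay section with the outbound TLS options that slapd-ldap(5) provides for the proxy-to-remote connection, assuming OpenLDAP 2.4; host names, the CA bundle path and the certificate paths are placeholders:

```conf
# Translucent overlay pointing at the remote (Solaris) directory over ldaps.
# Added example, not the poster's config: file paths and host names are placeholders.
database        bdb
suffix          "dc=mycompany,dc=pt"
rootdn          "cn=Admin,dc=mycompany,dc=pt"
rootpw          {SSHA}blablabla
directory       /var/lib/ldap

overlay         translucent
uri             ldaps://solaris_ldap_server01:636

# TLS settings for the connection slapd itself opens to the remote server
# (slapd-ldap(5) "tls" directive; continuation lines start with whitespace).
# slapd validates the remote server certificate against this CA bundle. A TLS
# "Unknown CA" alert is sent by whichever side could not validate its peer's
# chain, so the CA that issued the Solaris server certificate must be in this
# file, and the file must be readable by the account slapd runs as.
tls             ldaps
                tls_cacert=/etc/openldap/cacerts/solaris-ca.pem
                tls_reqcert=demand

# Only needed if the remote server requires a client certificate from the proxy:
#               tls_cert=/etc/openldap/certs/proxy.pem
#               tls_key=/etc/openldap/certs/proxy.key
```

Because slapd, not the shell user running ldapsearch, is the TLS client here, CA settings in a personal ~/.ldaprc that make ldapsearch succeed do not apply to the proxy; libldap inside slapd reads the system-wide ldap.conf(5) (TLS_CACERT) and the .ldaprc of the slapd account, so the CA must be set there or in the tls directive above.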