Paul Stephens wrote:
Hi,
Having problems getting my TLS setup working.
Current setup:
Ubuntu 11.10 (3.0.0-16 server)
OpenLDAP 2.4.25
I have been using the instructions at: https://help.ubuntu.com/11.10/serverguide/C/openldap-server.html though to be honest I am relatively new to TLS and using certtool, etc. I have now been copying and pasting the commands given in case my typing is as good as it usually is.
Unencrypted LDAP works fine including syncing with a slave and samba authentication (non-TLS that is!)
It appears to be something to do with the self-signed certificate not being trusted and seems to be a common problem people run into. I have been researching it for a while but at this stage I'm kind of just trying randomly browsed suggestions, with most admittedly geared towards previous OpenLDAP versions and not really assisting with my understanding of the problem in the first place.
You should read the OpenLDAP Admin Guide.
http://www.openldap.org/doc/admin24/tls.html
The Ubuntu doc you read is not wrong, but it only told you how to configure the server. (Obviously, since it's labelled a "serverguide"). You also need to do some client side configuration. The OpenLDAP Admin Guide chapter on TLS tells you how to do both.
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)
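Added example (not from the thread and not OpenLDAP's own tooling): the reply says the client side also needs configuring, and "peer cert untrusted" is the symptom of a client that has no CA to verify a self-signed server certificate against. The POSIX shell check below reads an ldap.conf-style client file and reports whether TLS_CACERT is set and whether TLS_REQCERT has been weakened to allow/never instead of trust being fixed. The two sample files, the hostname ldap.example.com and the CA path /etc/ssl/certs/cacert.pem are constructed assumptions.

```shell
#!/bin/sh
# Added example: check a client ldap.conf for the TLS trust settings.
# Sample configs and paths below are constructed, not taken from the thread.

# Return 0 when the config names a CA file (TLS_CACERT) and does not
# disable verification with TLS_REQCERT allow/never; return 1 otherwise.
# Keywords in ldap.conf are case-insensitive, so compare in upper case;
# a leading '#' keeps commented-out lines from matching.
check_ldap_conf() {
    conf="$1"
    cacert=$(awk 'toupper($1)=="TLS_CACERT" {print $2}' "$conf" | tail -n 1)
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT" {print tolower($2)}' "$conf" | tail -n 1)
    if [ -z "$cacert" ]; then
        echo "$conf: no TLS_CACERT, so a self-signed server cert cannot be verified" >&2
        return 1
    fi
    case "$reqcert" in
        never|allow)
            echo "$conf: TLS_REQCERT $reqcert turns verification off instead of fixing trust" >&2
            return 1 ;;
    esac
    return 0
}

tmp=$(mktemp -d)

# Constructed "before": what a server-only setup typically leaves on the client.
CONF_BEFORE="$tmp/ldap.conf.before"
cat > "$CONF_BEFORE" <<'EOF'
BASE   dc=example,dc=com
URI    ldap://ldap.example.com
EOF

# Constructed "after": point the client at the CA that signed the server cert
# (the CA path is an assumption) and keep verification mandatory.
CONF_AFTER="$tmp/ldap.conf.after"
cat > "$CONF_AFTER" <<'EOF'
BASE        dc=example,dc=com
URI         ldap://ldap.example.com
TLS_CACERT  /etc/ssl/certs/cacert.pem
TLS_REQCERT demand
EOF

for f in "$CONF_BEFORE" "$CONF_AFTER"; do
    if check_ldap_conf "$f"; then
        echo "$f: OK"
    fi
done

# Once TLS_CACERT is in place, a live check that fails if StartTLS does not
# succeed (not run here): ldapsearch -x -ZZ -H ldap://ldap.example.com -b '' -s base
```

The check deliberately treats TLS_REQCERT allow/never as a failure: those settings make the error go away by skipping certificate verification, which is not the same as the client trusting the right CA.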