Thank you so much, Ven, for your reply.
I have some questions.
-- create an environment variable LDAPCONF
<DAISY>: Question: what value is this environment variable set to? Does OpenSSL or OpenLDAP use this env variable?
-- create a file called ldap_ssl_cert_config and placed the following line in it: TLS_CACERTDIR /etc/pki/tls
<DAISY>: Question: in what directory should I create this file? How is this "ldap_ssl_cert_config" file used? How does the OpenLDAP client know what file to look for, and in which directory?
And /etc/pki/tls does not exist in my file system. What is this "/etc/pki/tls" anyway?
-- ran my program
From: Mahadevan, Venkatasubramanian [mailto:Venkatasubramanian.Mahadevan@ubc.ca]
Sent: Tuesday, August 30, 2011 6:25 PM
To: Wu, Daisy; openldap-technical@openldap.org
Subject: RE: OpenLDAP client test program connecting to LDAP server over SSL failed
It failed because of this error:
ldap_sasl_bind_s: Can't contact LDAP server (-1)
error:14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Hi Daisy,
I have noticed that sometimes depending on the version of OpenSSL you are linking the LDAP libraries to, it will throw this error. So what I did was:
-- create an environment variable LDAPCONF
-- create a file called ldap_ssl_cert_config and placed the following line in it: TLS_CACERTDIR /etc/pki/tls
-- ran my program
Then it worked and I did not get the error anymore. Hope this helps.
cheers,
Ven
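
Added example, not part of either message above: a shell check for the setup discussed in this thread. It assumes the OpenLDAP client library reads the file named by the LDAPCONF environment variable (as documented in ldap.conf(5)) and is linked against OpenSSL. The function names are hypothetical, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: sanity-check the file LDAPCONF points at before chasing
# "certificate verify failed" elsewhere. Function names are hypothetical.

# Print the value of a keyword (e.g. TLS_CACERTDIR) from an ldap.conf-style
# file. Keywords are case-insensitive; if repeated, the last one is printed.
ldapconf_get() {
    awk -v key="$2" 'toupper($1) == key { v = $2 } END { print v }' "$1"
}

# Return 0 if the configured CA source exists and looks usable, else non-zero.
check_ldapconf_tls() {
    conf=${1:-$LDAPCONF}
    [ -n "$conf" ] || { echo "LDAPCONF is not set" >&2; return 2; }
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    cafile=$(ldapconf_get "$conf" TLS_CACERT)
    cadir=$(ldapconf_get "$conf" TLS_CACERTDIR)

    # A readable CA bundle file is enough on its own.
    if [ -n "$cafile" ] && [ -r "$cafile" ]; then
        echo "TLS_CACERT $cafile: readable"
        return 0
    fi
    [ -n "$cadir" ] || { echo "no TLS_CACERT or TLS_CACERTDIR in $conf" >&2; return 3; }
    [ -d "$cadir" ] || { echo "TLS_CACERTDIR $cadir does not exist" >&2; return 4; }

    # OpenSSL finds CAs in a directory by subject-hash file names such as
    # 1a2b3c4d.0, normally created with c_rehash or "openssl rehash".
    for f in "$cadir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        if [ -e "$f" ]; then
            echo "TLS_CACERTDIR $cadir: found $f"
            return 0
        fi
    done
    echo "TLS_CACERTDIR $cadir has no hash-named certificates" >&2
    return 5
}
```

Run it as `check_ldapconf_tls "$LDAPCONF"` in the same shell that starts the LDAP client program; a return code of 4 corresponds to a TLS_CACERTDIR path that is missing from the file system.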