2 Apr
2014
2 Apr
'14
12:02 a.m.
Mitchell Im wrote:
The OpenLDAP proxy works if it connects to the backend LDAP server via ldap://. The OpenLDAP proxy does *not* work if it connects to the backend LDAP server via ldaps://, though. What am I missing?
This is on CentOS 6.5, packages openldap-servers-2.4.23-34.el6_5.1.x86_64, nss-3.15.3-6.el6_5.x86_64 (Red Hat's decision).
I vaguely remember a bug in this old version regarding TLS CA cert configuration.
Try to set the LDAPTLS_CACERT env var when starting slapd or better use a newer release which has a fix for this.
Ciao, Michael.