Hi,

I did run some openssl commands and here is what I saw.

# openssl s_client -connect <ldap server ip>:636
verify error:num=20:unable to get local issuer certificate
verify return:1
verify error:num=21:unable to verify the first certificate
verify return:1
No client certificate CA names sent
---
SSL handshake has read 1162 bytes and written 450 bytes
---
Verify return code: 21 (unable to verify the first certificate)

I got the same thing when I ran the command on the local ldap server too.
Are the certificates not OK? If so, how am I able to run ldapsearch with the "-ZZ" option?

Regards
Asimananda
On Tue, Sep 22, 2009 at 10:15 AM, Asimananda Mohanty <firstname.lastname@example.org> wrote:
Hi,

Regarding the apache issue, as I expected, fingers were raised towards the certificate file even though I have clarified that the same certificate works fine with the local client (installed along with the server).
Is there any way to prove that the certificate file is OK?

Regards
Asimananda

On Mon, Sep 21, 2009 at 3:53 PM, Asimananda Mohanty <email@example.com> wrote:
I think I am supposed to provide the bind DN with "-D" option i.e. cn=admin,dc=ldap-company,dc=com.
With this value, it works fine. Sorry for the mistake.
Regarding the Apache issue, I will post it here once it is solved.

Regards
Asimananda

On Mon, Sep 21, 2009 at 3:42 PM, Asimananda Mohanty <firstname.lastname@example.org> wrote:

Hi Dieter,

I will try to look at it from a different angle. Once I am able to solve it, I will post it here.
I have one more query.

On my server, I am able to get the result by:

# ldapsearch -d8 -H ldaps://ldap-company.com -b dc=ldap-company,dc=com uid=asimananda
SASL/DIGEST-MD5 authentication started
Please enter your password:
<Result>

But the following query doesn't show any result and throws an error.

# ldapsearch -d8 -H ldaps://ldap-company.com -D dc=ldap-company,dc=com uid=asimananda -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
#

Does this mean that I still have some configuration to do?
Please comment.

Regards
Asimananda

On Mon, Sep 21, 2009 at 10:54 AM, Dieter Kluenter <email@example.com> wrote:
Asimananda Mohanty <firstname.lastname@example.org> writes:

> Hi Dieter,
> Thanks for the reply.
> My Apache is built with openldap lib only.
> I am able to connect to ubuntu host by my solaris client on ports 389 and 636.
> Then I guess, apache is not able to verify the certificates presented. In that case, please let me know how to debug
> slapd to watch apache connection.

As I mentioned many times, this topic is neither OpenLDAP nor Ubuntu
related, it is just a question of how to properly set up Apache on Sun.
Did you configure mod_auth_ldap and mod_ldap to use TLS?
There are two sources of information, Sun Bigadmin and Apache
documentation. Lots of documentation refers to *.der or cert7.db
files; note that OpenLDAP only handles *.pem files. For more
information on this topic read the openssl documentation.

Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
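The s_client output at the top of the thread (verify error 20, then 21) is what OpenSSL reports whenever the server's certificate was issued by a CA that is not in the trust store the verifier was given; it says nothing about whether the certificate itself is broken. The script below is an added example, not code from the thread or from OpenLDAP or Apache: it builds a throwaway CA and a server certificate for ldap-company.com (the hostname from the thread; the CA name, file names and temporary directory are made up), reproduces the "unable to get local issuer certificate" failure with `openssl verify`, and shows the same certificate verifying cleanly once the issuing CA is supplied. It assumes only that the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread: reproduce openssl's
# verify error 20 ("unable to get local issuer certificate") offline and show
# that pointing the verifier at the issuing CA is what turns it into OK.
# Assumes only the openssl CLI. The CA name, file names and the temporary
# directory are made up; ldap-company.com is the hostname from the thread.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test PKI: a self-signed CA and a server certificate it issues.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1

openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=ldap-company.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1

openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.pem" >/dev/null 2>&1

# What a bare s_client does: the leaf certificate is seen, its issuer is not
# in the default trust store, so verification fails (non-zero exit status).
verify_without_ca() {
    openssl verify "$WORK/server.pem" >/dev/null 2>&1
}

# Same certificate, but the verifier is told which CA issued it
# (the equivalent of s_client -CAfile, or TLS_CACERT in ldap.conf).
verify_with_ca() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/server.pem" >/dev/null 2>&1
}

# Pull the human-readable reason out of the failing run so it can be
# compared with the "verify error:num=20:..." line seen in s_client.
verify_error_reason() {
    openssl verify "$WORK/server.pem" 2>&1 \
        | sed -n 's/^error [0-9][0-9]* at [0-9][0-9]* depth lookup: *//p' \
        | head -n 1
}

# Stand-alone run: print both outcomes side by side.
if verify_without_ca; then
    echo "unexpected: leaf verified without its CA"
else
    echo "without CA: $(verify_error_reason)"
fi
verify_with_ca && echo "with CA: OK"
```

The same distinction explains the thread's puzzle: `openssl s_client -connect <host>:636` consults only OpenSSL's default trust store, so a certificate from a private CA reports 20/21 even when it is perfectly valid, while `openssl s_client -connect <host>:636 -CAfile ca.pem` should end with "Verify return code: 0 (ok)". ldapsearch with -ZZ succeeds because the OpenLDAP client reads its CA from TLS_CACERT in ldap.conf (and, if TLS_REQCERT is set to allow or never, tolerates a failed check altogether). Apache's mod_ldap has no access to ldap.conf and needs the CA handed to it explicitly, with LDAPTrustedGlobalCert CA_BASE64 pointing at the PEM file, which is the usual reason the "same" certificate works for the command-line client but not for Apache.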