Hi
I am running OpenLDAP 2.4.23 on RHEL6. I can telnet to the server on both ports 389 and 636. I can do an ldapsearch and ldapadd without any errors. I get this error when I start the slapd daemon:

    ldap_start_tls_s() failed: Can't contact LDAP server: Transport endpoint is not connected (uri="ldap://ldapserver")
    failed to bind to LDAP server ldap://ldapserver: Can't contact LDAP server: Transport endpoint is not connected

When I do

    ldapsearch -x -d1 -Z -b 'dc=flamengro,dc=co,dc=za'

I get the following error:

    TLS: certificate [CA certificate details omitted here...] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
    TLS: error: connect - force handshake failure: errno 0 - moznss error -8172
    TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
    ldap_err2string
    ldap_start_tls: Connect error (-11)
            additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user
Any help will be appreciated.
This is my slapd.conf file:

    include /etc/openldap/schema/corba.schema
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/duaconf.schema
    include /etc/openldap/schema/dyngroup.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/java.schema
    include /etc/openldap/schema/misc.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/openldap.schema
    include /etc/openldap/schema/ppolicy.schema
    include /etc/openldap/schema/collective.schema

    allow bind_v2

    pidfile /var/run/openldap/slapd.pid
    argsfile /var/run/openldap/slapd.args

    TLSCipherSuite HIGH
    TLSCertificateFile /etc/pki/tls/certs/slapdcert.pem
    TLSCertificateKeyFile /etc/pki/tls/certs/slapdkey.pem
    TLSVerifyClient never

    database bdb
    suffix "dc=flamengro,dc=co,dc=za"
    checkpoint 1024 15
    rootdn "cn=Manager,dc=flamengro,dc=co,dc=za"
    rootpw secret
    directory /var/lib/ldap/flamengro

    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    index uidNumber,gidNumber,loginShell eq,pres
    index uid,memberUid eq,pres,sub
    index nisMapName,nisMapEntry eq,pres,sub

    database monitor
    # allow only rootdn to read the monitor
    access to * by dn.exact="cn=Manager,dc=flamengro,dc=co,dc=za" read by * none

    access to attrs=userPassword,shadowLastChange by anonymous auth by self write by * none
I
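A defender-side way to narrow down the "issuer has been marked as not trusted" (NSS error -8172) failure described in the post, as an added example that is not part of the original post: an offline lint that reads the server's slapd.conf and the client's /etc/openldap/ldap.conf and reports the trust-related settings that explain or hide the error. SERVER_CONF repeats the TLS and rootdn lines from the posted slapd.conf; CLIENT_CONF is a constructed sample, since the post does not show the client file.

```python
# Added example, not code from the original post: lint the OpenLDAP server and
# client configs for the trust settings behind NSS error -8172 ("Peer's
# certificate issuer has been marked as not trusted by the user").
# SERVER_CONF mirrors lines from the post; CLIENT_CONF is a constructed sample.

SERVER_CONF = """\
TLSCipherSuite HIGH
TLSCertificateFile /etc/pki/tls/certs/slapdcert.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapdkey.pem
TLSVerifyClient never
rootdn "cn=Manager,dc=flamengro,dc=co,dc=za"
rootpw secret
"""

CLIENT_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
BASE dc=flamengro,dc=co,dc=za
URI ldap://ldapserver
TLS_REQCERT demand
"""

def parse_directives(text):
    """Both files use 'NAME value' lines; '#' starts a comment; names are case-insensitive."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            out[name.upper()] = value.strip()
    return out

def lint_tls_trust(server_conf, client_conf):
    """Return findings as strings; an empty list means nothing obvious is misconfigured."""
    s, c = parse_directives(server_conf), parse_directives(client_conf)
    findings = []
    if "TLS_CACERT" not in c and "TLS_CACERTDIR" not in c:
        findings.append("client: no TLS_CACERT/TLS_CACERTDIR, so the CA that signed "
                        "slapdcert.pem is untrusted; this is what -8172 reports")
    if c.get("TLS_REQCERT", "demand").lower() == "never":
        findings.append("client: TLS_REQCERT never silences -8172 but disables server "
                        "authentication; fix the trust store instead")
    if "TLSCACERTIFICATEFILE" not in s and "TLSCACERTIFICATEPATH" not in s:
        findings.append("server: no TLSCACertificateFile, so slapd has no issuer chain "
                        "to present if slapdcert.pem is not self-signed")
    if s.get("ROOTPW") and not s["ROOTPW"].startswith("{"):
        findings.append("server: rootpw is cleartext; store a slappasswd hash instead")
    if "/certs/" in s.get("TLSCERTIFICATEKEYFILE", ""):
        findings.append("server: private key sits under the certs directory; move it to "
                        "/etc/pki/tls/private, mode 0600, owned by the ldap user")
    return findings
```

Running `lint_tls_trust(SERVER_CONF, CLIENT_CONF)` on the sample reports the missing client CA setting first, which is the one that matches the -8172 message in the post; adding a `TLS_CACERT` line pointing at the issuing CA file clears that finding.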