dhiraj.prasad@tcs.com writes:
Hello,
I have configured an LDAP server on Linux with TLS support and was able to fetch data from it using the 'ldapsearch' utility. However, when I tried to do this search via code I got the following errors:
Error at Server Side:
slap_listener_activate(10):
slap_listener(ldaps://)
[...]
TLS trace: SSL3 alert read:fatal:unknown CA TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept. TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1053
[...]
Error at Client side:
[root@localhost LDAP1]# ./ldapSearch
TLS certificate verification: Error, self signed certificate in certificate chain TLS trace: SSL3 alert write:fatal:unknown CA TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect. ldap_err2string
[...]
Failure of LDAP bind -1-Can't contact LDAP server [root@localhost LDAP1]#
[...]
ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, "/root/cacert.pem");
The error is so obvious: I presume that slapd and users cannot read the cacert.pem. Put the CA in a place that can be accessed by all users.
-Dieter