Hi everyone,
I am trying to set up an OpenLDAP server for centralized authentication. I used a self-signed certificate and put the generated server.pem file in slapd.conf, then I checked it using the following command:

$openssl s_client -connect localhost:636 -showcerts

and I got:

Verify return code: 18 (self signed certificate)

which, as I read, indicates that things are fine with the server. Next, I tried:

$ldapsearch -x "uid=user1"

and I got:

============
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=user1
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
=============

even though there's an entry with that uid, so I ran slapd in debug mode 9 using this command:

$/usr/sbin/slapd -d9 -h "ldap:/// ldaps:///" 1>/var/log/ldaplog 2>&1

and I did the ldapsearch again and got this from the log:

==========================
TLS trace:SSL_accept:error in SSLv3 read client certificate A
....
commection_read(14): unable to get TLS client DN, error=49 id=6
....
connection_read(14): input error=-2 id=6, closing.
==========================
I thought the error seen in the log could be related to the fact that I didn't do anything on the client side to give it a certificate, so I assigned the same server.pem file to the client in the /etc/openldap/ldap.conf file as follows:

....
TLS_CACERT /etc/openldap/server.pem
TLS_REQCERT allow
....

and issued the ldapsearch command again, and I got this:

ldap_bind: Can't contact LDAP server (-1)
additional info: TLS: hostname does not match CN in peer certificate.
I am stuck here and don't know what to do. Can anyone help, please?!
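The last error in the post is the client-side hostname check: an LDAP client verifies that the name it connected to (here "localhost") appears in the server certificate's subjectAltName dNSName entries, or, as a legacy fallback, in the subject CN. The script below is an added example, not code from the post, that re-implements that check in the RFC 6125 style most TLS clients use so the mismatch can be reproduced offline. It operates on the dict layout that Python's ssl.SSLSocket.getpeercert() returns for a verified peer; the certificates, the hostname ldap.example.com and the helper names are constructed for illustration, and the claim that it mirrors libldap's exact matching behaviour is an assumption.

```python
"""Reproduce the hostname-vs-certificate check behind
"TLS: hostname does not match CN in peer certificate".

Added example (not from the original post). The certificate dicts use the
layout of ssl.SSLSocket.getpeercert() so the logic can run offline; all
certificates and hostnames below are constructed sample data.
"""


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName/CN pattern against a hostname (RFC 6125 style).

    A '*' is accepted only as the entire leftmost label and never spans a
    dot: '*.ldap.example.com' matches 'a.ldap.example.com' but neither
    'a.b.ldap.example.com' nor 'ldap.example.com' itself.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject '*.com'-style patterns and wildcards anywhere but the first label.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def names_in_cert(cert: dict) -> list:
    """Return the DNS names a client may match the hostname against.

    When the certificate carries subjectAltName dNSName entries, only those
    count; the subject commonName is consulted only if no dNSName exists.
    """
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True when the hostname used to connect is covered by the certificate."""
    return any(_name_matches(name, hostname) for name in names_in_cert(cert))


def diagnose(cert: dict, hostname: str) -> str:
    """Human-readable verdict in the spirit of the client's error message."""
    names = names_in_cert(cert)
    if not names:
        return "certificate carries no DNS name; the TLS handshake would be rejected"
    if hostname_matches(cert, hostname):
        return "ok: %s matches %s" % (hostname, names)
    return "TLS: hostname %s does not match CN/SAN %s" % (hostname, names)


# Constructed sample certificates (assumed values, not from the post).
# A self-signed cert with only a CN, as a typical quick-and-dirty server.pem:
SELF_SIGNED_CN_ONLY = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "issuer": ((("commonName", "ldap.example.com"),),),
}
# A cert with a SAN extension; the SAN is what modern clients match against:
CERT_WITH_SAN = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (
        ("DNS", "ldap.example.com"),
        ("DNS", "*.ldap.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}
# A cert whose CN says localhost but whose SAN does not: CN is ignored here.
CERT_SAN_OVERRIDES_CN = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),),
}


if __name__ == "__main__":
    # The post connected to "localhost" with a cert issued for another name.
    print(diagnose(SELF_SIGNED_CN_ONLY, "localhost"))
    print(diagnose(SELF_SIGNED_CN_ONLY, "ldap.example.com"))
    print(diagnose(CERT_WITH_SAN, "a.ldap.example.com"))
    print(diagnose(CERT_SAN_OVERRIDES_CN, "localhost"))
```

Two practical consequences follow from the check: connecting to "localhost" or an IP address only works if that exact name (or an IP Address SAN entry) is in the certificate, and `TLS_REQCERT allow` does not relax the hostname comparison, it only tolerates an unverifiable issuer. Either reissue the certificate with a SAN that lists every name clients will use, or point the client at the name the certificate actually carries.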