no .ldaprc in any homedir
no /etc/ldap.conf
no /etc/openldap directory
clean /usr/local/etc/openldap/ldap.conf (no variables defined there)
only /usr/local/etc/ldap.conf (for pam_ldap) and /usr/local/etc/nss_ldap.conf (for nss with ldap)
2010/9/15 Dieter Kluenter dieter@dkluenter.de:
c0re nr1c0re@gmail.com writes:
Sorry, forgot to mention that I've tested that certificates are OK.
# starting slapd
/usr/local/libexec/slapd -u ldap -d 1 -h ldaps:///
# making test:
openssl s_client -connect 127.0.0.1:636 -CAfile /usr/local/etc/openldap/ssl-client/root.crt -showcerts
# output of test in openssl command:
[...]
Certificate chain
 0 s:/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
   i:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
-----BEGIN CERTIFICATE-----
<certificate> ..... </certificate>
-----END CERTIFICATE-----
 1 s:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
   i:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
-----BEGIN CERTIFICATE-----
<certificate> ..... </certificate>
-----END CERTIFICATE-----
---
Server certificate
subject=/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
issuer=/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
---
No client certificate CA names sent
---
SSL handshake has read 1811 bytes and written 462 bytes
---
[...]
Verify return code: 0 (ok)
[...]
There are no errors in the certificate chain and the server cert has been verified, so the certificate chain is OK. Please check all relevant configuration files, that is /etc/openldap/ldap.conf, /etc/ldap.conf and probably ~/.ldaprc, for any TLS configuration.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
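The diagnosis in this thread splits into two halves: `openssl s_client` proves the chain verifies against the CA file, after which the only remaining suspects are the client-side TLS settings that libldap reads. The script below is an added example, not code from either poster. It parses `s_client` output the way the thread does but also compares the server certificate's CN with the host name you connected to, because "Verify return code: 0 (ok)" on its own says nothing about the name (libldap does check it); it then lists the files libldap actually consults for `TLS_*` directives (per ldap.conf(5): the system-wide ldap.conf under SYSCONFDIR, `$LDAPCONF`, `~/ldaprc`, `~/.ldaprc`, `./ldaprc`, plus `LDAPTLS_*` environment variables; `/etc/ldap.conf` and `nss_ldap.conf` belong to pam_ldap/nss_ldap and are not read by libldap), and finally runs `ldapsearch` with `LDAPTLS_CACERT` forced so that config-file lookup is bypassed. The host name `ldap.domain.com`, the `/usr/local` prefix and the sample `s_client` output (constructed from the thread's) are assumptions.

```shell
#!/bin/sh
# Added example for this thread, not code from the posters. The host name,
# CA path and temp files are assumptions for demonstration.

# Constructed sample: the parts of `openssl s_client` output that matter,
# modelled on the output quoted in the thread.
SAMPLE_S_CLIENT='---
Server certificate
subject=/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
issuer=/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
---
No client certificate CA names sent
---
SSL handshake has read 1811 bytes and written 462 bytes
---
Verify return code: 0 (ok)'

# Read s_client output on stdin. Succeed (printing "ok <CN>") only when the
# chain verified against the CA file AND the server cert's CN equals the host
# we meant to reach. "Verify return code: 0" alone does not check the name;
# libldap does, so a name mismatch still breaks ldaps:// clients.
# Only the CN is compared here; subjectAltName would need
# `openssl x509 -noout -ext subjectAltName` on the extracted cert.
s_client_result() {
    expect_host=$1
    out=$(cat)
    code=$(printf '%s\n' "$out" | sed -n 's/^Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    # handles both "/CN=host" (old OpenSSL) and ", CN = host" (new) layouts
    cn=$(printf '%s\n' "$out" | sed -n 's/^subject=.*CN *= *\([^/,]*\).*/\1/p' | head -n 1)
    if [ "$code" = "0" ] && [ "$cn" = "$expect_host" ]; then
        printf 'ok %s\n' "$cn"
        return 0
    fi
    printf 'fail verify=%s cn=%s\n' "${code:-missing}" "${cn:-missing}"
    return 1
}

# Files libldap consults, roughly in the order ldap.conf(5) describes.
# $1 is SYSCONFDIR (assumed /usr/local/etc/openldap for a /usr/local build).
libldap_config_files() {
    printf '%s\n' "${1:-/usr/local/etc/openldap}/ldap.conf" \
        "${LDAPCONF:-}" "${HOME:-/nonexistent}/ldaprc" \
        "${HOME:-/nonexistent}/.ldaprc" ./ldaprc | grep -v '^$'
}

# Print every active TLS_* directive as file:line:text; succeed if any exist.
# Commented-out directives are skipped. No hits plus a failing ldaps:// means
# libldap has no TLS_CACERT and therefore cannot verify the server at all.
tls_directives() {
    found=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second file forces grep to prefix the file name
        if grep -n '^[[:space:]]*TLS_' "$f" /dev/null; then found=0; fi
    done
    return $found
}

# Exercise libldap itself while bypassing the config files: LDAPTLS_CACERT
# overrides any TLS_CACERT and REQCERT=demand makes verification mandatory.
# If this works while a plain `ldapsearch -H ldaps://...` fails, the client
# configuration, not the server's chain, is the problem. Hypothetical host.
ldaps_probe() {
    LDAPTLS_CACERT=$2 LDAPTLS_REQCERT=demand \
        ldapsearch -H "ldaps://$1/" -x -b '' -s base -LLL '(objectClass=*)'
}

# Stand-alone demo on the constructed sample (no network needed), or
# "probe <host> <ca.crt>" against a live server.
case ${1:-demo} in
    probe) ldaps_probe "$2" "$3" ;;
    *)
        printf '%s\n' "$SAMPLE_S_CLIENT" | s_client_result ldap.domain.com
        tls_directives $(libldap_config_files) \
            || echo 'no TLS_* directive in any file libldap reads'
        ;;
esac
```

Run it with no arguments to see the parser accept the thread's output and to list whichever `TLS_*` lines exist on the local box; `./check.sh probe ldap.domain.com /usr/local/etc/openldap/ssl-client/root.crt` then asks libldap directly, which is the test that `openssl s_client` cannot stand in for.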