Hello,
I'm currently encountering a weird issue I don't understand. I've been working on this problem for 3 days now, without any clue.
My problem:
I built a sample client that connects to an LDAP server, to test authentication. It works fine for LDAP, but fails for LDAPS, as long as I don't provide the right certs. The issue is that I tried setting the TLS_CACERT in different locations without success (I tried in the system /etc/ldap/ldap.conf, custom location by setting the LDAPCONF env variable, setting environment variable LDAPTLS_CACERT, etc.)
What is weird (for me) is that using the same ldap.conf (global or user), or environment variable works for the ldapsearch client that comes with the openldap distribution.
More strange is that setting the TLS_REQCERT parameter (either in ldap.conf or in an environment variable) works for my custom client.
In my client, displaying
I probably missed something, do I need to explicitly call some function to initialize these parameters? Is there any way to trace calls to these internal functions that should read the ldap.conf or environment variables?
Any idea is welcome!
thanks, chris
On 07/22/2011 05:49 AM, Christophe Thibault wrote:
> Hello,
> I'm currently encountering a weird issue I don't understand. I've been working on this problem for 3 days now, without any clue.
> My problem:
> I built a sample client that connects to an LDAP server, to test authentication. It works fine for LDAP, but fails for LDAPS, as long as I don't provide the right certs. The issue is that I tried setting the TLS_CACERT in different locations without success (I tried in the system /etc/ldap/ldap.conf, custom location by setting the LDAPCONF env variable, setting environment variable LDAPTLS_CACERT, etc.)
> What is weird (for me) is that using the same ldap.conf (global or user), or environment variable works for the ldapsearch client that comes with the openldap distribution.
> More strange is that setting the TLS_REQCERT parameter (either in ldap.conf or in an environment variable) works for my custom client.
> In my client, displaying
> I probably missed something, do I need to explicitly call some function to initialize these parameters? Is there any way to trace calls to these internal functions that should read the ldap.conf or environment variables?
> Any idea is welcome!
What platform? If you are using RHEL or Fedora - what does rpm -qi openldap say?
> thanks, chris
openldap-technical@openldap.org