On 10/24/2021 11:19 PM, Ulrich Windl wrote:
> Some time ago the way to install root certificates had changed

You mean on the server side? There's nothing wrong with the certificate chain on the server, everything trusts that properly including the ldapsearch included with the Symas openldap 2.4 rpms. The issue is that the 2.5 rpms include their own bundled version of openssl, which is not configured to trust the system certificate repository.
--On Monday, October 25, 2021 12:33 PM -0700 "Paul B. Henson" henson@acm.org wrote:
> On 10/24/2021 11:19 PM, Ulrich Windl wrote:
>> Some time ago the way to install root certificates had changed
>
> You mean on the server side? There's nothing wrong with the certificate chain on the server, everything trusts that properly including the ldapsearch included with the Symas openldap 2.4 rpms. The issue is that the 2.5 rpms include their own bundled version of openssl, which is not configured to trust the system certificate repository.

Symas OpenLDAP for Linux 2.4 is a rebuild of how the upstream vendor packaged the software and does not necessarily reflect the way in which Symas would package the software.
Symas OpenLDAP 2.5 (and soon 2.6) reflect how we would package the software. Note that in 2.6, you can specify multiple paths to find CA certs in, so you could configure it to use the system CAs as well as your own local certificate authority if desired.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
On 10/25/2021 12:33 PM, Quanah Gibson-Mount wrote:
> Symas OpenLDAP 2.5 (and soon 2.6) reflect how we would package the software. Note that in 2.6, you can specify multiple paths to find CA certs in, so you could configure it to use the system CAs as well as your own local certificate authority if desired.

Okay, cool; I will update my local configuration to meet my needs, thanks…
openldap-technical@openldap.org
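
Added example, not part of the original thread and not Symas or OpenLDAP code: a shell check for the condition described above, an OpenSSL build whose default directory holds no CA certificates. It assumes the build reports that directory through `openssl version -d` and that a client with no CA option configured falls back to OpenSSL's default `cert.pem` file and `certs/` directory under it; the binary path passed to `check_openssl` is a placeholder.

```shell
#!/bin/sh
# Added example: does a given OpenSSL build have a default trust store at all?

# Extract the directory from a line such as:  OPENSSLDIR: "/usr/lib/ssl"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Print what trust material exists under directory $1:
#   file  - non-empty cert.pem (OpenSSL's default CA file)
#   dir   - non-empty certs/   (OpenSSL's default CA directory)
#   none  - neither, so nothing is trusted by default
trust_store_kind() {
    d=$1
    if [ -s "$d/cert.pem" ]; then
        echo file
    elif [ -d "$d/certs" ] && [ -n "$(ls -A "$d/certs" 2>/dev/null)" ]; then
        echo dir
    else
        echo none
    fi
}

# Report on one openssl binary; returns non-zero when no trust store is found.
# $1 is a placeholder path, e.g. the openssl shipped inside a vendor package.
check_openssl() {
    bin=${1:-openssl}
    dir=$(parse_openssldir "$("$bin" version -d)")
    kind=$(trust_store_kind "$dir")
    echo "$bin: OPENSSLDIR=$dir trust_store=$kind"
    [ "$kind" != none ]
}

# Example: compare the system build with a bundled one (second path is a placeholder).
# check_openssl openssl
# check_openssl /path/to/bundled/openssl
```

A result of `none` for the bundled build alongside `file` or `dir` for the system build matches the behaviour in this thread; the client then needs its CA location set explicitly, for example with `TLS_CACERT` or `TLS_CACERTDIR` in `ldap.conf`.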