Message: 12
Date: Thu, 26 Sep 2013 16:35:38 +0800
From: "Tian Zhiying" <tianzy1225(a)thundersoft.com>
To: openldap-technical <openldap-technical(a)openldap.org>
Cc: tianzy1225 <tianzy1225(a)thundersoft.com>
Subject: Other system use port 636 connect LDAP Server Error
Message-ID: <2013092616353831259123(a)thundersoft.com>
Content-Type: text/plain; charset="us-ascii"

Hi,
On the LDAP server (localhost), I execute the command below and it is OK.
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
But on another Linux system it is not OK; below is the error info:
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The LDAP server is CentOS 5.8 64-bit, and the iptables service is in the closed state.
What is the cause?
Do you have any suggestions? Thanks.

Because the telnet test worked, I would look at your client config files on that host,
in addition to seeing if the file size/permission of the cert matches the size on the
other client that is working. Also try ldapsearch -x -d 1 and see what the output shows.
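
An added example, not part of the thread: one way to do the client-side check suggested in the reply, by reporting the TLS trust settings of a given ldap.conf and the size of the CA file it names, so the failing host can be compared with the working one. The function names and the sample config are constructed for illustration; TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT are the standard ldap.conf options.

```shell
# Print the value of one ldap.conf option; keywords are case-insensitive,
# and if a key repeats the last value is printed.
ldap_conf_opt() {
    awk -v key="$2" 'toupper($1) == key { v = $2 } END { if (v != "") print v }' "$1"
}

# Report a client config's TLS trust settings, one finding per line.
# Returns 0 only when a readable, non-empty CA file or a CA directory exists.
check_ldap_tls() {
    conf=$1
    [ -r "$conf" ] || { echo "CONF_UNREADABLE $conf"; return 2; }
    cacert=$(ldap_conf_opt "$conf" TLS_CACERT)
    cadir=$(ldap_conf_opt "$conf" TLS_CACERTDIR)
    reqcert=$(ldap_conf_opt "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    status=1
    if [ -n "$cacert" ]; then
        if [ -r "$cacert" ] && [ -s "$cacert" ]; then
            # Size is printed so it can be compared with the working host's copy.
            echo "CACERT_OK $cacert $(wc -c < "$cacert" | tr -d ' ') bytes"
            status=0
        else
            echo "CACERT_MISSING_OR_EMPTY $cacert"
        fi
    fi
    if [ -n "$cadir" ]; then
        if [ -d "$cadir" ]; then echo "CACERTDIR_OK $cadir"; status=0
        else echo "CACERTDIR_MISSING $cadir"; fi
    fi
    if [ -z "$cacert$cadir" ]; then echo "NO_CA_CONFIGURED"; fi
    # never/allow let the session proceed without a verified server certificate.
    case $reqcert in
        never|allow) echo "REQCERT_WEAK $reqcert" ;;
    esac
    return "$status"
}

# Constructed sample: a client config that names a CA file that is not there.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'URI ldaps://192.168.1.10' \
    "TLS_CACERT $demo_dir/cacert.pem" > "$demo_dir/ldap.conf"
check_ldap_tls "$demo_dir/ldap.conf" || echo "no usable CA source on this client"
```

Run check_ldap_tls against the client config on both hosts and compare the findings line by line.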