Bliss, Aaron
2006-Jan-18 00:46 UTC
[Fedora-directory-users] weird error when querying directory server
this works great from a redhat 4 box, however from my redhat 3 box I
receive the following error:
ldapsearch -x -ZZ '(uid=azb)'
ldap_start_tls: Connect error
additional info: Start TLS request accepted.Server willing to
negotiate SSL.
relevant entries of /etc/ldap.conf look like this:
pam_password md5
ssl start_tls
ssl on
tls_cacertfile /etc/openldap/cacerts/cacert.pem
tls_cacertdir /etc/openldap/cacerts/
client has read and execute to the ca certificate
relevant entries of /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
I'm just trying to verify that ssl logins are working from the redhat 3
box; secure logins from the redhat 4 box work fine. Thanks very much
for your help.
Aaron
www.preferredcare.org
Mark McLoughlin
2006-Jan-18 07:38 UTC
Re: [Fedora-directory-users] weird error when querying directory server
Hi,

A similar problem was discussed only last week on this list. Check the archives.

On Tue, 2006-01-17 at 19:46 -0500, Bliss, Aaron wrote:
> this works great from a redhat 4 box, however from my redhat 3 box I
> receive the following error:
> ldapsearch -x -ZZ '(uid=azb)'
>
> ldap_start_tls: Connect error
> additional info: Start TLS request accepted.Server willing to
> negotiate SSL.

Use "-d 10" to get more info on the problem.

> relevant entries of /etc/ldap.conf look like this:

/etc/ldap.conf isn't relevant to the OpenLDAP utils. It's only used by nss-ldap and pam-ldap.

> relevant entries of /etc/openldap/ldap.conf
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_REQCERT allow

Do you have the CA certificate in /etc/openldap/cacerts? Are you using the certificate hash as the filename? i.e. did you do:

$> openssl x509 -noout -hash -in cacert.pem
8c7ad84c
$> cp cacert.pem /etc/openldap/cacerts/8c7ad84c.0

Cheers,
Mark.
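The hash-named install that Mark describes, written out as a small script with the checks a practitioner would want before touching TLS_REQCERT. This is an added example, not code from the thread or from OpenLDAP; it assumes the openssl CLI is on PATH, takes the certificate and directory as arguments, and the hash value in the thread (8c7ad84c) is only reproduced for the CA that produced it.

```sh
#!/bin/sh
# Added example, not code from the thread. Installs a CA certificate into
# an OpenLDAP TLS_CACERTDIR under the hash-based filename OpenSSL's
# directory lookup expects (<subject-hash>.<n>) and checks the result.
# Assumes the openssl CLI is on PATH; the cert and directory are arguments.
set -eu

# Subject-name hash used for directory lookups (what `-hash` printed in the
# thread, e.g. 8c7ad84c). Clients linked against OpenSSL 0.9.x use the old
# MD5-based scheme; for those, replace -hash with -subject_hash_old.
ca_hash() {
    openssl x509 -noout -hash -in "$1"
}

# Copy the cert into the directory as <hash>.N, taking the first N that is
# not already used by a different certificate. Prints the installed path.
install_ca_cert() {
    cert=$1; dir=$2
    hash=$(ca_hash "$cert")
    mkdir -p "$dir"
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        if cmp -s "$cert" "$dir/$hash.$n"; then
            printf '%s\n' "$dir/$hash.$n"   # already installed: idempotent
            return 0
        fi
        n=$((n + 1))                        # hash collision: next suffix
    done
    cp "$cert" "$dir/$hash.$n"
    chmod 0644 "$dir/$hash.$n"              # readable by any LDAP client user
    printf '%s\n' "$dir/$hash.$n"
}

# True when the directory holds this CA under a hash name. A plain
# cacert.pem dropped into TLS_CACERTDIR is never consulted by the client.
cacertdir_has() {
    cert=$1; dir=$2
    hash=$(ca_hash "$cert")
    for f in "$dir/$hash".[0-9]*; do
        [ -e "$f" ] && cmp -s "$cert" "$f" && return 0
    done
    return 1
}

# Resolve the issuer the way libldap/OpenSSL will: against the directory,
# not against a named file. Exit status 0 means the chain verified.
verify_against_dir() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}
```

Once verify_against_dir passes, TLS_REQCERT can be left at its default (demand) instead of allow, so a certificate the client cannot verify fails the StartTLS negotiation instead of being silently accepted.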