Thanks for the reply. Yes, I have successfully used this cert with
openldap programs - ldapsearch. I've tried both specifying a ca cert
directory and cert file. In fact, all programs I can test with work
except for the code around dict_ldap as far as I can tell. That
includes openDS and openldap ldapsearch, courier authlib's ldap module,
and cyrus saslauthd.
-Nick
Quanah Gibson-Mount wrote:
--On Tuesday, February 24, 2009 6:48 PM -0600 Nick Geron
<nge...@corenap.com> wrote:
I'm in the process of putting together a postfix system with an ldap
back-end and have come across something very odd regarding ldap_table.
Basically, postfix does not load my private CA.
The CA is really a self signed cert generated by java keytool - try as I
might, I couldn't get keytool to use our private CA generated by openssl.
It all works for me with OpenLDAP, and openssl generating all the
certs. Have you tried using ldapsearch to do a startTLS session, using
that same CA cert? Are you sure it is a fully formed CA cert? I
usually use a CA Cert directory, so any intermediate certs are in the
chain along with the root cert.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc