While attempting to change a directory password I keep getting this message...
[root@xxx ~]# ldappasswd -x -ZZ -D "cn=directory manager" -w "mypass"
uid=se253264,ou=people,dc=xxx,dc=cle=dc=us" -a "oldpass" -s "newpass"
ldap_start_tls: Connect error (-11)
additional info: Start TLS request accepted.Server willing to negotiate
SSL.
In researching this I found to add -d1 for additional debugging information and
found this probably relevant
TLS: could not load client CA list
(file:`',dir:`/etc/openldap/cacerts/cacert.asc').
TLS: error:0200A014:system library:opendir:Not a directory ssl_cert.c:816
TLS: error:140D7002:SSL routines:SSL_add_dir_cert_subjects_to_stack:system lib
ssl_cert.c:818
ldap_perror
I do have the following in my /etc/ldap.conf file
ssl yes
tls_cacertdir /etc/openldap/cacerts
TLS_REQCERT allow
pam_password exop
And the cacert.asc does exist in that directory. This is the cacert.asc that
was created during setup of this machine using the setupssl.sh script and I
copied it to the requested directory. I am not seeing anything additional on
the HowtoSSL page and realize that TLS is necessary for the password change
function.
Thanks for any help you may have. I am also under the impression I am supposed
to copy the cacert.asc to each client machine so they can authenticate against
the cert. is this true also?
David Hoskinson | DATATRAK International
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.216.280.5457 (m)
david.hoskin...@datatrak.net<mailto:david.hoskin...@datatrak.net> |
www.datatrak.net<http://www.datatrak.net/>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
