Sergi Tur/SGA/UPC:
> Ok. Maybe I found the problem.
>
> I try to execute
>
> /usr/bin/ldapsearch -Z -LLL -h ldap -b ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no -x
>
> on a SkoleLinux workstation and on Ubuntu. On Ubuntu it gives me the error:
>
> /usr/bin/ldapsearch -Z -LLL -h ldap -b ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no -x
> ldap_start_tls: Connect error (91)
>         additional info: Error in the certificate.
> ldap_bind: Local error (82)
>         additional info: Error in the certificate.
>
> Then it is an error with the connection through SSL. The LDAP client doesn't
> have the server's certificate or something similar.
>
> Any idea?

If I remember correctly, it's using self-signed certificates. Try
cut'n'paste this into a terminal as root:

  echo "TLS_REQCERT allow" >> /etc/ldap.conf

This will enable your client to work with LDAP servers using self-signed
certificates.

Another thing. The commonName in the server certificate is maybe
ldap.intern and not just ldap - so contacting the server by hostname
'ldap.intern' might also solve your problem - since you should always
contact the SSL-/TLS-enabled server by the (set of) commonName(s) it uses.

You can check any SSL certificate service by using the utils in OpenSSL.
E.g.:

  openssl s_client -showcerts -connect <hostname>:<port>

which would print out all certificates in the certificate chain that the
remote service holds. The s_client command has other nice options you can
play with as well.

--
Regards
Bjorn Ove Grotan
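
An added example, not part of the original message: a shell check of the hostname-versus-commonName point made in the reply above. The function names and the sample subject lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the name given to "ldapsearch -h" with the
# commonName in the server certificate's subject line.
# To get a real subject line (placeholders as in the message above):
#   openssl s_client -connect <hostname>:<port> </dev/null 2>/dev/null |
#       openssl x509 -noout -subject
# Note: current TLS clients check subjectAltName before the CN; this
# example follows the message and looks only at the commonName.

# Extract the commonName from an "openssl x509 -noout -subject" line.
# Handles both output styles:
#   subject= /C=NO/O=Example/CN=ldap.intern        (older OpenSSL)
#   subject=C = NO, O = Example, CN = ldap.intern  (newer OpenSSL)
subject_cn() {
    printf '%s\n' "$1" |
        sed -n 's/^subject= *//p' |
        tr ',/' '\n\n' |
        sed -n -e 's/ *$//' -e 's/^ *CN *= *//p' |
        head -n 1
}

# Return 0 when the host name equals the certificate CN (case-insensitive),
# 1 on a mismatch, 2 when no CN could be parsed from the subject line.
check_ldap_host() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    cn=$(subject_cn "$2" | tr 'A-Z' 'a-z')
    if [ -z "$cn" ]; then
        echo "no commonName found in: $2" >&2
        return 2
    fi
    if [ "$host" = "$cn" ]; then
        echo "OK: '$host' matches certificate CN"
        return 0
    fi
    echo "MISMATCH: connecting to '$host' but certificate CN is '$cn'"
    return 1
}

# Constructed sample subject lines (not taken from a real server).
OLD_STYLE='subject= /C=NO/O=Example/CN=ldap.intern'
NEW_STYLE='subject=C = NO, O = Example, CN = ldap.intern'

check_ldap_host ldap "$OLD_STYLE" || true          # short name: mismatch
check_ldap_host ldap.intern "$NEW_STYLE" || true   # name from the cert: OK
```

A mismatch here means the client should be pointed at the name in the certificate; it does not by itself make a self-signed certificate trusted.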

