Dan Scott wrote:

I'm trying to perform an authenticated LDAP search against a FreeIPA
server (Fedora 15, freeipa-server-2.1.0-1.fc15.x86_64).

When I run:

[root@kelvin ~]# ldapsearch -D "uid=guser,cn=users,cn=accounts,dc=example,dc=com" \
    -w 'guserpassword' -b "cn=accounts,dc=example,dc=com" \
    -h kelvin.example.com -v "uid=guser" -ZZ -c -d1

I receive the following error:

ldap_start_tls: Connect error (-11)
         additional info: TLS error -8172:Unknown code ___f 20

Full details shown in attachment.

Can anyone help me figure out what I'm doing wrong?

The IPA CA cert isn't in the default CA bundle, so you need to either set this in /etc/openldap/ldap.conf or pass it on the command line:

LDAPTLS_CACERT=/etc/ipa/ca.crt ldapsearch ...

The error is less than desirable, for sure. -8172 is an NSS error message meaning the Certificate is signed by an untrusted issuer.
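Both fixes the reply gives (the per-invocation LDAPTLS_CACERT variable and the persistent setting in /etc/openldap/ldap.conf) as a small POSIX shell helper. This is an added example, not code from the thread or from FreeIPA: it assumes the CA file lives at /etc/ipa/ca.crt and the client config at /etc/openldap/ldap.conf (both paths from the reply), and the TLS_CACERT directive it writes is the OpenLDAP ldap.conf equivalent of the LDAPTLS_CACERT environment variable. The ipa_search function and its hostname/base/filter parameters are hypothetical names chosen for the example.

```shell
#!/bin/sh
# Added example: trust the FreeIPA CA on an OpenLDAP client so that
# "ldapsearch -ZZ" no longer fails with NSS error -8172 (untrusted issuer).
# Assumed paths (from the reply): CA at /etc/ipa/ca.crt, config at
# /etc/openldap/ldap.conf. Override with IPA_CA / LDAP_CONF if yours differ.

IPA_CA="${IPA_CA:-/etc/ipa/ca.crt}"
LDAP_CONF="${LDAP_CONF:-/etc/openldap/ldap.conf}"

# Print the TLS_CACERT path currently set in an ldap.conf (last one wins,
# as in OpenLDAP), or nothing if the directive is absent.
current_tls_cacert() {
    awk 'toupper($1)=="TLS_CACERT"{v=$2} END{if(v!="")print v}' "$1" 2>/dev/null
}

# Sanity check before trusting a file as a CA: it must be a PEM certificate.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Persistent fix: point TLS_CACERT at the IPA CA in the given ldap.conf.
# Idempotent: replaces any existing TLS_CACERT line, keeps everything else.
set_tls_cacert() {
    conf="$1"
    ca="$2"
    if [ "$(current_tls_cacert "$conf")" = "$ca" ]; then
        return 0
    fi
    tmp="$conf.tmp.$$"
    {
        grep -iv '^[[:space:]]*TLS_CACERT[[:space:]]' "$conf" 2>/dev/null || true
        printf 'TLS_CACERT %s\n' "$ca"
    } > "$tmp" && mv "$tmp" "$conf"
}

# One-off fix: pass the CA for this invocation only, exactly as the reply
# suggests, and insist on StartTLS (-ZZ) so the bind never goes in the clear.
# Usage: ipa_search kelvin.example.com "cn=accounts,dc=example,dc=com" \
#            "uid=guser" "uid=guser,cn=users,cn=accounts,dc=example,dc=com"
ipa_search() {
    host="$1"; base="$2"; filter="$3"; binddn="$4"
    if ! is_pem_cert "$IPA_CA"; then
        echo "CA file $IPA_CA missing or not PEM" >&2
        return 1
    fi
    # -W prompts for the bind password instead of exposing it in argv
    LDAPTLS_CACERT="$IPA_CA" ldapsearch -ZZ -x -H "ldap://$host" \
        -D "$binddn" -W -b "$base" "$filter"
}
```

To make the fix permanent on a client, call `set_tls_cacert "$LDAP_CONF" "$IPA_CA"` once as root; afterwards plain `ldapsearch -ZZ ...` works without the environment variable. Copying the IPA CA into the system bundle would also work, but a dedicated TLS_CACERT keeps the trust decision explicit to the LDAP client.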


Freeipa-users mailing list