> I am trying to use an openldap client and connect to an ldap server over
> ssl. I am running the openldap client from a Windows environment. I can
> successfully bind and search when using port 389, non-ssl. However, I am
> unsuccessful when trying to use SSL.
>
> I have a certificate with .kdb extension. I exported the information
> using ikeyman and then created a .pem file. I'm not sure if I did this
> correctly or not.
>
> Here is the command I am running from openldap:
>
> ldapsearch -x
>
> I am getting the following error:
>
> ldap_bind: Can't contact LDAP server (-1)
>         additional info: TLS: hostname does not match CN in peer certificate
>
> Here is my ldap.conf file:
>
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> BASE dc=company,dc=com
> #URI ldap://hostname
> URI ldaps://hostname.company.com:636
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> #SSL yes
> TLS_CACERT c:/downloads/key.pem
>
> Any help would be greatly appreciated!

Are the certs and the directory you put them in owned by user ldap and group ldap?
Regards, David Damon Senior Systems Integration Analyst
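The error quoted above is the client refusing the connection because the host in the `URI` line does not match the names in the server certificate. The following is an added example, not code from the thread: it reads the host out of an ldap.conf snippet (constructed to mirror the one posted) and applies the usual matching rules (SAN dNSNames first, CN only as a fallback, a single leftmost-label wildcard) so the mismatch can be checked before touching the server. The certificate names are passed in as plain strings, which is an assumption made to keep the check offline.

```python
"""Offline check for 'TLS: hostname does not match CN in peer certificate'."""
from urllib.parse import urlsplit

# Constructed ldap.conf snippet modelled on the one in the post (not the
# poster's file itself).
LDAP_CONF = """
# LDAP Defaults
BASE dc=company,dc=com
#URI ldap://hostname
URI ldaps://hostname.company.com:636
TLS_CACERT c:/downloads/key.pem
"""


def uri_host(conf_text):
    """Return the hostname from the active (non-comment) URI line, or None."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.upper() == "URI":
            # The URI keyword may list several URIs; the first is checked here.
            return urlsplit(value.split()[0]).hostname
    return None


def _name_matches(pattern, host):
    """Match one certificate name against host, case-insensitively.
    Only a leftmost '*.' wildcard is honoured, and it covers one label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    parts = host.split(".", 1)
    return len(parts) == 2 and parts[1] == pattern[2:]


def hostname_matches(host, cn, san_dns=()):
    """SAN dNSNames take precedence; the CN is consulted only when the
    certificate carries no SAN entries (the behaviour the error refers to)."""
    names = list(san_dns) if san_dns else [cn]
    return any(_name_matches(n, host) for n in names)


def diagnose(conf_text, cn, san_dns=()):
    """Return (host_from_uri, matches) for a given certificate's names."""
    host = uri_host(conf_text)
    return host, bool(host) and hostname_matches(host, cn, san_dns)
```

A certificate whose CN is the bare short name (as in the commented-out `ldap://hostname` line) will fail against the fully qualified host in the active `ldaps://` URI, which is the mismatch the error describes.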
