Hi,

Karsten Römke <[EMAIL PROTECTED]> writes:

> Dieter Kluenter wrote:
>> Hi,
> Hi,
> I have done:
> oracle:/etc/openldap # openssl x509 -in servercrt.pem -text > servercrt.txt
> oracle:/etc/openldap # openssl x509 -in cacert.pem -text > cacert.txt
> and here are parts out of these files:
> oracle:/etc/openldap # grep -i keyid servercrt.txt
>
> keyid:90:4F:E9:05:AA:38:FC:D9:21:45:B0:BD:A5:2E:B3:5B:E9:59:38:AF
> oracle:/etc/openldap # grep -i keyid cacert.txt
>
> keyid:90:4F:E9:05:AA:38:FC:D9:21:45:B0:BD:A5:2E:B3:5B:E9:59:38:AF
> I assume that these keyids must be the same?

Yes.

[...]

> Sorry, I don't understand that. Now I tried only from
> the server oracle.hhb.bonn.de with the command
> ldapsearch -h oracle.hhb.bonn.de -b "dc=hhb,dc=bonn,dc=de" -D
> "cn=manager,dc=hhb,dc=bonn,dc=de" -x -W -ZZ -d1
> and the following entries in /etc/openldap/ldap.conf
> ------------#
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> #BASE dc=example, dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
> TLS_REQCERT allow
> ssl start_tls
> host oracle.hhb.bonn.de
> base dc=hhb,dc=bonn,dc=de
> TLS_CACERT /etc/openldap/cacert.pem
> ----------------------

Is your cacert.pem world readable?

> again: no success with tls:

[...]

Do a strace, that is

  strace -o /tmp/ldap-strace-log ldapsearch -H ldap://oracle.hhb.bonn.de -b "your.base" -x -D "your.binddn" -ZZ

search the ldap-strace-log for lines like

  open("/etc/openldap/ldap.conf", O_RDONLY) = 3
  read(3, "TLS_CERT /home/dieter/certs/diet"..., 4096) = 252
  open("/home/dieter/certs/kluenterCA.pem", O_RDONLY) = 4
  read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1367

If you see errors instead of read, check why these files can't be read.
-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
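The strace log check described in the message above, as an added example that is not part of the original thread: it lists every open()/openat() of a client configuration or certificate file with its result, so an unreadable TLS_CACERT file shows up as a FAIL line with the errno. The function names, the default file-name pattern and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.

# Constructed sample of strace output; results, /root/.ldaprc and
# /etc/ssl/certs/ca.crt are made up, the other paths come from the thread.
sample_log() {
    cat <<'EOF'
open("/etc/openldap/ldap.conf", O_RDONLY) = 3
read(3, "TLS_REQCERT allow\nssl start_tls"..., 4096) = 252
open("/root/.ldaprc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/openldap/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/ssl/certs/ca.crt", O_RDONLY) = 4
EOF
}

# report_opens LOG [REGEX]
# Prints "OK <path>" or "FAIL <errno> <path>" for each open/openat call whose
# path matches REGEX. LOG may be "-" for stdin. The default REGEX (an
# assumption) covers ldap.conf, .ldaprc and common certificate/key suffixes.
report_opens() {
    log=$1
    pat=${2:-}
    [ -n "$pat" ] || pat='(ldap[.]conf|[.]ldaprc|[.]pem|[.]crt|[.]key)$'
    awk -v pat="$pat" '
        # optional leading pid column appears when strace runs with -f
        /^([0-9]+ +)?open(at)?\(/ {
            # the path is the first double-quoted string on the line
            if (!match($0, /"[^"]*"/)) next
            path = substr($0, RSTART + 1, RLENGTH - 2)
            if (path !~ pat) next
            # the syscall result follows the last " = "
            n = split($0, parts, " = ")
            split(parts[n], res, " ")
            if (res[1] + 0 < 0) print "FAIL", res[2], path
            else                print "OK", path
        }
    ' "$log"
}

# Demo on the constructed sample; on a real system pass the log file instead,
# e.g. report_opens /tmp/ldap-strace-log
sample_log | report_opens -
```

An ENOENT on an optional per-user file such as .ldaprc is normal; an EACCES or ENOENT on the file named by TLS_CACERT is the case to investigate.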
