The strace was run on the client (ldapsearch), not the server (slapd).
The client is configured to look in /etc/openldap/cacerts for
cacert.pem, which is the CA that I used to sign the server's cert. So I
think that part's ok.
The slapd.conf looks like this:
TLSCACertificateFile /var/lib/ldap/cacert.pem
...right, that's for slapd on the server.
> It looks like everything is in order. An strace of the ldapsearch
> command shows this:
> open("/etc/openldap/cacerts",...
...and this is for ldapsearch on the client, which is configured thusly...
The client has in /etc/openldap/ldap.conf:
tls_reqcert try
TLS_CACERTDIR /etc/openldap/cacerts
The rest of the strace shows that the client does indeed find cacert.pem
and opens it...
open("/etc/openldap/cacerts/cacert.pem", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=1350, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f4b000
read(5, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1350
read(5, "", 4096) = 0
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653