Fran Fabrizio wrote:
> The strace was run on the client (ldapsearch), not the server (slapd).

Oops, I read too quickly. My mistake.

> The client is configured to look in /etc/openldap/cacerts for cacert.pem, which is the CA that I used to sign the server's cert. So I think that part's ok.

So long as it's the same cert file as:

    TLSCACertificateFile /var/lib/ldap/cacert.pem

But the error is definitely showing a failure on the verification, so something is up with that /etc/openldap/cacerts. Did you try:

    # openssl verify -CAfile /etc/openldap/cacerts/cacert.pem -purpose sslserver /var/lib/ldap/servercrt.pem

Sorry if I'm no help, but it seems like this should be an easy problem.

Jon Roberts
www.mentata.com
