Have you got TLS_REQCERT allow in /etc/openldap/ldap.conf?

Gareth Ansell
UNIX Team
Infrastructure Computing Services
Coventry University
024 7688 8641
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Sturgis
> Sent: 08 December 2005 23:59
> To: [EMAIL PROTECTED]; [email protected]
> Subject: Re: ldaps and Active Directory
>
> >From: Shuh Chang <[EMAIL PROTECTED]>
> >To: Grant Sturgis <[EMAIL PROTECTED]>, [email protected]
> >Subject: Re: ldaps and Active Directory
> >Date: Thu, 08 Dec 2005 16:24:01 -0600
> >
> >Hi Grant,
> >
> >Did you change your LDAP port from 389 (clear text connection) to 636 (SSL
> >connection)?
>
> Shouldn't this happen automatically based on the ldaps in the URI?
> How else would I change this?
>
> >Shuh
>
> Thanks Shuh!
>
> Grant
> ------------
>
> >----- Original Message -----
> >From: "Grant Sturgis" <[EMAIL PROTECTED]>
> >To: <[email protected]>
> >Sent: Thursday, December 08, 2005 2:26 PM
> >Subject: ldaps and Active Directory
> >
> >>Greetings List,
> >>
> >>I am attempting to get ldap authentication to Active Directory working
> >>from our RHEL 4 systems. I have read the several articles and howto
> >>documents out there and am very close to getting everything working.
> >>
> >>pam_ldap and nss_ldap are working well with unencrypted ldap, as are
> >>ldapsearch queries. The next step is getting ldaps to work, and I am
> >>hoping for some suggestions from the list to get me over the hump.
> >>
> >>RHEL ES 4 fully patched (up2date)
> >>W2K SP4
> >>
> >>This works fine:
> >>
> >>ldapsearch -x -H ldap://server.domain.com/ -D
> >>cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
> >>
> >>but changing ldap to ldaps results in this error:
> >>
> >>ldap_bind: Can't contact LDAP server (-1)
> >>        additional info: error:14090086:SSL
> >>routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >>
> >>I have installed Certificate Services on the W2K domain controller and
> >>exported the CA Cert and copied the file to the linux
> >>box: /etc/openldap/cacerts.
> >>
> >>In /etc/openldap/ldap.conf I have tried:
> >>
> >>TLS_CACERTDIR /etc/openldap/cacerts
> >>TLS_CACERT /etc/openldap/cacerts/cacert.pem
> >>
> >>Any suggestions would be greatly appreciated.
> >>
> >>Grant
> >>------------------
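An added offline check, not code from the thread: the error Grant quotes means OpenSSL could not chain the server certificate to any CA it was handed, and TLS_REQCERT allow only tells the client to carry on when that verification fails rather than making it pass. The script below builds a throwaway CA and server certificate (every name and path is constructed; server.domain.com just mirrors the ldapsearch URI) and runs the same chain check behind TLS_CACERT, then shows why a TLS_CACERTDIR directory needs hash-named copies rather than a file called cacert.pem.

```shell
#!/bin/sh
# Added demo, not code from the thread. Builds a throwaway CA and a server
# certificate under a temp dir and performs the chain check that OpenLDAP's
# TLS_CACERT / TLS_CACERTDIR settings drive. All names are constructed
# (server.domain.com mirrors the ldapsearch URI quoted in the thread).

mk_demo_pki() {
    dir=$(mktemp -d)
    # Demo CA: stands in for the CA exported from the W2K domain controller.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/cacert.pem" >/dev/null 2>&1
    # An unrelated CA: the "wrong certificate was exported" case.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$dir/other.key" -out "$dir/other.pem" >/dev/null 2>&1
    # Server certificate issued by the demo CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.domain.com" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/srv.csr" -CA "$dir/cacert.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/srv.pem" >/dev/null 2>&1
    echo "$dir"
}

# TLS_CACERT form: does the single CA file sign the server certificate?
# Exit status 0 = chain verifies; non-zero = the ldapsearch error would persist.
verify_with_cafile() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# TLS_CACERTDIR form: OpenSSL finds the CA by subject-hash filename
# (<hash>.0, what c_rehash creates), not by a name such as cacert.pem.
hashed_cadir() {
    mkdir -p "$1"
    h=$(openssl x509 -noout -hash -in "$2")
    cp "$2" "$1/$h.0"
    echo "$1/$h.0"
}

verify_with_cadir() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Stand-alone run: one line per case.
d=$(mk_demo_pki)
verify_with_cafile "$d/cacert.pem" "$d/srv.pem" && echo "TLS_CACERT, right CA: OK"
verify_with_cafile "$d/other.pem" "$d/srv.pem" || echo "TLS_CACERT, wrong CA: certificate verify failed"
hashed_cadir "$d/cacerts" "$d/cacert.pem" >/dev/null
verify_with_cadir "$d/cacerts" "$d/srv.pem" && echo "TLS_CACERTDIR, hashed dir: OK"
```

If the exported CA file verifies the server certificate here but ldapsearch still fails, the client is reading a different ldap.conf or directory than the one being edited.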
