Add
TLS_REQCERT try
(or "allow" or "never") in your ldap.conf. The default is "demand" (or
"hard"), then you are trying to verify server certificate. See ldap.conf (5)
Grant Sturgis wrote:
Greetings List,
I am attempting to get ldap authentication to Active Directory working
from our RHEL 4 systems. I have read the several articles and howto
documents out there and am very close to getting everything working.
pam_ldap and nss_ldap is working well with unencrypted ldap, as is
ldapsearch queries. The next step is getting ldaps to work, and I am
hoping for some suggestions from the list to get me over the hump.
RHEL ES 4 fully patched (up2date)
W2K SP4
This works fine:
ldapsearch -x -H ldap://server.domain.com/ -D
cn=ldap,ou=Users-OU,dc=domain,dc=com -W ""
but changing ldap to ldaps results in this error:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I have installed Certificate Services on the W2K domain controller and
exported the CA Cert and copied the file to the linux
box:/etc/openldap/cacerts. In /etc/openldap/ldap.conf I have tried:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem
Any suggestions would be greatly appreciated.
Grant
------------------
Ing. Marco DÂ’Ettorre
Consultant
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------
Office: +39.0382.573859 (102)
Mobile: +39.348.1510674
Email: [EMAIL PROTECTED]
------------------------------------
