hello! Pursuing my long journey on ldap tricky tracks, I've met another sphinx... maybe someone could help find the right answer...
I've tried to set up the TLS protocol on my OpenLdap 2.29 version (windows). At the moment, I work on my own machine. With OpenSSL, I've issued a CA certificate, and a certificate for my server too (with the cn=localhost:389). Then I've put these lines in my slapd.conf:

    TLSVerifyClient never
    TLSCACertificateFile "./../Openssl/bin/autre/cacert.pem"
    TLSCertificateFile "./../Openssl/bin/autre/certs/ldapservercert.pem"
    TLSCertificateKeyFile "./../Openssl/bin/autre/certs/ldapserverkey.pem"

    TLS: could not load verify locations (file:`"./../Openssl/bin/autre/cacert.pem"' ,dir:`').

and in my ldap.conf:

    URI ldap://localhost:389
    TLS_CACERT "./../Openssl/bin/autre/cacert.pem"
    TLS_REQCERT demand

The thing is that when I run slapd, everything seems fine, but when I try something like:

    ldapsearch -x -w admin -D "cn=admin,dc=ariane,dc=net" -b "dc=ariane,dc=net" (uid=rdupont) -ZZ -d -1

I got an error:

    TLS: error:02001003:system library:fopen:No such process bss_file.c:122
    TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:125
    TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:274
    ldap_perror
    ldap_start_tls: Connect error (-11)

However, this file exists (it is recognized by the slapd.conf). So I really don't know what happened. I've tried to regenerate the CA and I've checked the path, but it didn't work. As far as I understand it, "the fully qualified domain name of the server" is in my case the "cn=localhost:389" in the server certificate form. So does someone have a clue about what happened? Thanks a lot.

Antoine
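An added offline checker for the two things the errors above point at: a TLS file path that OpenSSL cannot open as written (literal quote characters, a relative path resolved against whatever directory the process runs in, or a missing file) and a certificate CN that carries a port, which hostname verification never matches. This is example code written for this thread, not the poster's or OpenLDAP's own, and the ldap.conf sample and working directory it uses are constructed.

```python
import os
from urllib.parse import urlparse

# Constructed sample modelled on the ldap.conf fragment quoted in the post
# (not the poster's actual file).
SAMPLE_LDAP_CONF = """URI ldap://localhost:389
TLS_CACERT "./../Openssl/bin/autre/cacert.pem"
TLS_REQCERT demand
"""

# Directives (ldap.conf and slapd.conf) whose value is a path to a PEM file.
TLS_FILE_DIRECTIVES = {
    "TLS_CACERT", "TLS_CERT", "TLS_KEY",
    "TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile",
}

def parse_tls_paths(conf_text):
    """Return {directive: raw value} for the file-bearing TLS directives.
    Values are kept exactly as written, quotes included, so the caller
    sees what a plain fopen() of the value would be handed."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in TLS_FILE_DIRECTIVES:
            found[parts[0]] = parts[1].strip()
    return found

def check_tls_path(raw_value, cwd):
    """Resolve a TLS file value the way a naive fopen() would and list the
    reasons it may fail: literal quote characters, a relative path (resolved
    against cwd, the process's working directory), or a missing file.
    Returns (resolved_path, findings)."""
    findings = []
    value = raw_value
    if len(value) >= 2 and value[0] == value[-1] == '"':
        findings.append("value carries literal double quotes")
        value = value[1:-1]
    if not os.path.isabs(value):
        findings.append("relative path, resolved against " + cwd)
    resolved = os.path.normpath(os.path.join(cwd, value))
    if not os.path.isfile(resolved):
        findings.append("file not found: " + resolved)
    return resolved, findings

def cn_matches_uri_host(cn, uri):
    """Hostname verification compares the certificate name with the host part
    of the URI only, so a CN such as 'localhost:389' never matches."""
    return cn == urlparse(uri).hostname
```

Run it against the real ldap.conf and slapd.conf with the directory slapd and ldapsearch are started from as `cwd`; an empty findings list means the path, at least, is not the problem.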
