"Dan O'Reilly" <[EMAIL PROTECTED]> writes:

> Using ldapsearch on a VMS system to attempt to do a directory lookup
> using SSL to a non-OpenLDAP directory on another system. I verified
> the root CA certificate is correct using:
>
> $ openssl s_client -connect adtest:636 "-CAfile" test_root_ca.pem
>
> My LDAP.CONF file contains:
>
> TLS_CHECKPEER no
> BIND_POLICY soft
> TLS_REQCERT never
> TLS_CACERT RAPTOR$DKA0:[OREILLY.KEYS]TEST_ROOT_CA.PEM
>
> What happens is below:
>
> $ ldapsearch "-ZZ" -p 636 -d 255 -s base -x -w xxxxxxxxx -v "-D"
The -ZZ option initialises an ldap_starttls request, while the server listening on port 636 presents its certificate without StartTLS. You either do an ldapsearch to port 636 without StartTLS, or to port 389 with StartTLS.

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
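The mismatch Dieter describes (StartTLS negotiation sent to a port that already speaks TLS from the first byte) can be caught before running anything by inspecting the ldapsearch argument list. The following is an added example, not code from this thread or from OpenLDAP; it assumes the IANA defaults of plain LDAP on 389 and LDAPS on 636, and treats an explicit -p 636 or an ldaps:// URI as the LDAPS case and -Z/-ZZ as a StartTLS request.

```shell
# Added example (not from the thread). Classify the TLS mode implied by an
# ldapsearch command line: starttls, ldaps, cleartext, or conflict.
# Exit status: 0 for a usable combination, 1 when -Z/-ZZ is combined with
# the LDAPS port or an ldaps:// URI (the case in the original report).
ldap_tls_mode() {
  starttls=no port="" scheme=ldap
  while [ $# -gt 0 ]; do
    case "$1" in
      -Z|-ZZ) starttls=yes ;;                 # client will send StartTLS after connect
      -p)     port=$2; shift ;;               # explicit port
      -H)     uri=$2; shift                   # ldap://host[:port]/ or ldaps://host[:port]/
              scheme=${uri%%://*}
              hostport=${uri#*://}; hostport=${hostport%%/*}
              case "$hostport" in *:*) port=${hostport##*:} ;; esac ;;
    esac
    shift
  done
  # No explicit port: fall back to the default for the URI scheme.
  if [ -z "$port" ]; then
    if [ "$scheme" = ldaps ]; then port=636; else port=389; fi
  fi
  ldaps=no
  [ "$scheme" = ldaps ] && ldaps=yes
  [ "$port" = 636 ] && ldaps=yes           # 636 assumed to be an LDAPS listener
  if [ "$ldaps" = yes ] && [ "$starttls" = yes ]; then
    echo conflict; return 1
  elif [ "$ldaps" = yes ]; then
    echo ldaps
  elif [ "$starttls" = yes ]; then
    echo starttls
  else
    echo cleartext
  fi
  return 0
}

# Usage (hostname "adtest" is the one from the original report):
#   ldap_tls_mode -ZZ -p 636 -x -s base      -> conflict, exit 1
#   ldap_tls_mode -ZZ -H ldap://adtest:389/   -> starttls
#   ldap_tls_mode -H ldaps://adtest/ -x       -> ldaps
```

With current OpenLDAP clients the -H ldaps://host/ form is what makes the client negotiate TLS immediately on connect; -p 636 by itself only changes the port, so the usable LDAPS invocation is the ldaps:// URI without -ZZ, and the usable StartTLS invocation is ldap://host:389/ with -ZZ.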
