Ah, but I'm trying to get this client to connect to Active Directory on a Microsoft Domain controller, not OpenLdap slapd. :) But Aaron Richter found my problem.
-------------------------------------------------------------------- Aaron Smith [EMAIL PROTECTED] System Administrator (269) 337-7496 Kalamazoo College -----Original Message----- From: Francisco Saito [mailto:[EMAIL PROTECTED] Sent: Friday, October 13, 2006 2:04 AM To: Aaron Richton Cc: Aaron Smith; [email protected] Subject: Re: Install CA Certificate Hello, Can you show your slapd.conf? Your client side configuration looks ok. But have you said to slapd where are the certs? http://www.openldap.org/doc/admin23/tls.html Thanks, Francisco Saito On 10/12/06, Aaron Richton <[EMAIL PROTECTED]> wrote: > > Where do I need to put a CA certificate so that Openldap can find it > > properly? I have openldap version 2.3.27 that was compiled using > > openssl support on a Solaris 10 machine. Trying to do secure LDAP > > transactions with ldapsearch results in > > > > SSL initialization failed: error -8192 (An I/O error occurred during > > security authorization.) > > I'd try "-d -1" to see what the client is thinking, or possibly truss to > see if you and it are disagreeing as to the location of ldap.conf, and (if > ldap.conf is getting opened properly) to see if the open() on the CACERT > is working. > > With that said, I don't think I've ever seen a message like that from > OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's > /usr/bin/ldapsearch instead? >
