On Fri, 2009-12-04 at 12:38 +0100, DT Piotr Wadas wrote:
>
> On Fri, 4 Dec 2009, Chamith Kumarage wrote:
>
> > Hi Folks,
> >
> > I have set up openldap with SSL and I'm using self-signed certs. I have
> > included the following in my slapd.conf.
> >
> > TLSCipherSuite HIGH:MEDIUM:-SSLv2
> > TLSCACertificateFile /etc/ldap/ssl/server.pem
> > TLSCertificateFile /etc/ldap/ssl/server.pem
> > TLSCertificateKeyFile /etc/ldap/ssl/server.pem
> > TLSVerifyClient demand
> >
> > and in my ldap.conf I have;
> >
> > HOST <my_ip>
> > PORT 636
> > TLS_REQCERT /etc/ldap/ssl/server.pem
>
> What slapd starting line (-h option) have you used? It should be something like
>
> "ldap://127.0.0.1:389/ ldaps://127.0.0.1:636/ ldapi:///"
>
> E.g. in Debian it's configured via the /etc/default/slapd file.
>
> Regards,
> DT

I have those already configured in /etc/default/slapd. This is the error
I'm getting when trying to do an ldapsearch via ldaps://:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

But I can perform the same operation via ldap://

Thanks,
~Chamith
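
Added example, not part of the thread or of OpenLDAP: a small lint that checks the posted ldap.conf against the TLS option syntax documented in ldap.conf(5) and slapd.conf(5). The function names and the client.pem / client.key paths are assumptions made for illustration.

```python
# Added example, not from the thread. Option semantics follow ldap.conf(5)
# and slapd.conf(5); the TLS_CERT/TLS_KEY paths below are placeholders.
LEVELS = {"never", "allow", "try", "demand", "hard"}

def parse_conf(text):
    """Map OPTION (upper-cased) -> value for ldap.conf/slapd.conf style text."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def lint(client_text, server_text):
    """Return a list of (code, message) findings for the client TLS setup."""
    c, s = parse_conf(client_text), parse_conf(server_text)
    out = []
    req = c.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if req not in LEVELS:
        out.append(("REQCERT_VALUE", "TLS_REQCERT takes a level "
                    "(never/allow/try/demand), not %r; a CA file goes in TLS_CACERT" % req))
    if req not in ("never", "allow") and not ({"TLS_CACERT", "TLS_CACERTDIR"} & set(c)):
        out.append(("NO_CA", "no TLS_CACERT/TLS_CACERTDIR, so the server "
                    "certificate cannot be verified against a trusted CA"))
    verify = s.get("TLSVERIFYCLIENT", "never").lower()  # never is the default
    if verify in ("demand", "hard", "true") and not {"TLS_CERT", "TLS_KEY"} <= set(c):
        out.append(("CLIENT_CERT", "server sets TLSVerifyClient %s: the client "
                    "must present a certificate (TLS_CERT and TLS_KEY)" % verify))
    return out

# Relevant lines as posted in the thread.
SLAPD_CONF = """\
TLSCertificateFile /etc/ldap/ssl/server.pem
TLSVerifyClient demand
"""
LDAP_CONF_POSTED = """\
HOST <my_ip>
PORT 636
TLS_REQCERT /etc/ldap/ssl/server.pem
"""
# Constructed counterpart; client.pem / client.key are placeholder paths.
LDAP_CONF_FIXED = """\
TLS_REQCERT demand
TLS_CACERT /etc/ldap/ssl/server.pem
TLS_CERT /etc/ldap/ssl/client.pem
TLS_KEY /etc/ldap/ssl/client.key
"""
if __name__ == "__main__":
    print(lint(LDAP_CONF_POSTED, SLAPD_CONF))
```

Per ldap.conf(5), TLS_CERT and TLS_KEY are user-only options, so pass the lint the merged client settings (system ldap.conf plus the user's ldaprc) rather than the system-wide file alone.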
