On 02/07/2010, at 12:49 PM, owen nirvana wrote:

> I set tls options to use ldaps.

When using TLS you don't need LDAPS, you want to set your systems to ldap://ldap.server

> question 1:
> port 389 is opened yet when I scan the LDAP Server by nmap, but I could not
> connect it with Apache Directory Studio v1.5.3.
>
> question 2:
> Nmap tell me "server still supports SSLv2", but I set TLSCipherSuite is
> HIGH:MEDIUM:-SSLv2
>
> question 3:
> I try to import some data with ldapmodify
>
> ldapmodify -a -H ldap://mydomain.org:636 -D "cn=admin,dc=mydomain,dc=org" -x
> -w whatever -f init.ldif

Try adding the -Z flag to turn on encryption. Your server's CN on the certificate must also match the hostname of the server.

> the following is error report:
>
> ldap_start_tls : Can't Contact LDAP Server(-1)
> addition info: error: 14000092: SSL Routine: SSL3_GET_CERTFICATE:
> certificate verify failed
>
> ldap_sasl_bind(Simple): Can't Contact LDAP Server(-1)
>
> gtalk: [email protected]
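As an added example that is not part of this thread, here is a small POSIX shell check for the point made above: the hostname you put in ldap://HOST must match the server certificate, otherwise StartTLS (-Z) fails with "certificate verify failed" before the bind is ever attempted. It assumes the openssl CLI is installed; ldap.example.org is a constructed name and the certificate is a throwaway self-signed one generated on the fly.

```shell
#!/bin/sh
# Added example, not from the original thread. Verify that a hostname matches a
# server certificate's subject CN or one of its DNS subjectAltNames, which is
# the check an LDAP client performs after StartTLS. Assumes the openssl CLI.

# Print the subject CN of a PEM certificate (works with old and new
# "subject=" output formats).
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Print the DNS subjectAltName entries, one per line (nothing if none present).
cert_dns_sans() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' \
        | sed -n 's/.*DNS:\([^ ]*\).*/\1/p'
}

# Return 0 if HOST matches the CN or a DNS SAN of CERT, 1 otherwise.
check_cert_hostname() {
    cert="$1"; host="$2"
    [ "$(cert_cn "$cert")" = "$host" ] && return 0
    cert_dns_sans "$cert" | grep -qxF "$host"
}

# Constructed test material: a throwaway self-signed cert for ldap.example.org.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=ldap.example.org" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1

# Using the matching name succeeds; using another name (or an IP) fails,
# which is exactly what the client reports as "certificate verify failed".
if check_cert_hostname "$WORK/cert.pem" ldap.example.org; then
    echo "ok: connect with ldapmodify -Z -H ldap://ldap.example.org ..."
else
    echo "mismatch: StartTLS verification would fail for this name"
fi
```

Run the check against the certificate your slapd actually serves and the name you intend to put in -H; if it reports a mismatch, the fix is on the server side (reissue the certificate for the right name) rather than turning off verification in the client.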
