create a new certificate and key, CN = Administrator, no more verify failed, but
" ldap_start_tls : Can't Contact LDAP Server(-1)" is reported yet, no addition info

gtalk:[email protected]

On Fri, Jul 2, 2010 at 12:47 PM, owen nirvana <[email protected]> wrote:

> thanks
>
> about " Your server's CN on the certificate must also match the hostname of
> the server."
>
> does it mean CN should be the username of the OS like Administrator, or the LDAP server
> name like "ldap.server"?
>
> gtalk:[email protected]
>
> On Fri, Jul 2, 2010 at 11:24 AM, Indexer <[email protected]> wrote:
>
>> On 02/07/2010, at 12:49 PM, owen nirvana wrote:
>>
>> > I set tls options to use ldaps.
>>
>> When using TLS you don't need LDAPS, you want to set your systems to
>> ldap://ldap.server
>>
>> > question 1:
>> > port 389 is opened yet when I scan the LDAP Server by nmap, but I could not
>> > connect it with Apache Directory Studio v1.5.3.
>> >
>> > question 2:
>> > Nmap tell me "server still supports SSLv2", but I set TLSCipherSuite is
>> > HIGH:MEDIUM:-SSLv2
>> >
>> > question 3:
>> > I try to import some data with ldapmodify
>> >
>> > ldapmodify -a -H ldap://mydomain.org:636 -D "cn=admin,dc=mydomain,dc=org" -x -w whatever -f init.ldif
>>
>> Try adding the -Z flag to turn on encryption. Your server's CN on the
>> certificate must also match the hostname of the server.
>>
>> > the following is error report:
>> >
>> > ldap_start_tls : Can't Contact LDAP Server(-1)
>> > addition info: error: 14000092: SSL Routine: SSL3_GET_CERTFICATE:
>> > certificate verify failed
>> >
>> > ldap_sasl_bind(Simple): Can't Contact LDAP Server(-1)
>> >
>> > gtalk:[email protected]

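The two points raised in this thread (which URI scheme goes with StartTLS, and which name the certificate must carry) can be checked before running ldapmodify. The sketch below is an added example, not part of the original messages; `diagnose` and `name_matches` are hypothetical helpers, the certificate names are passed in as constructed strings, and it assumes the conventional ports (389 for `ldap://`, 636 for `ldaps://`).

```python
from urllib.parse import urlsplit

def name_matches(cert_name, host):
    """True if one certificate name (CN or subjectAltName DNS entry) covers host.
    '*' is honoured only as the entire leftmost label, e.g. *.mydomain.org."""
    p = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def diagnose(uri, starttls, cert_names):
    """Check one client invocation; returns a list of (code, explanation).
    uri: value passed to -H; starttls: True when -Z or -ZZ is given;
    cert_names: names read from the server certificate (constructed input here)."""
    parts = urlsplit(uri)
    host = parts.hostname or ""
    # Assumption: conventional ports, 389 for ldap:// and 636 for ldaps://
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    findings = []
    if parts.scheme == "ldap" and port == 636:
        findings.append(("PORT_SCHEME",
            "ldap:// speaks plain LDAP first; a listener on 636 normally expects "
            "a TLS handshake immediately (use ldaps://host:636 or ldap://host:389 -ZZ)"))
    if parts.scheme == "ldaps" and starttls:
        findings.append(("DOUBLE_TLS",
            "ldaps:// is already encrypted; StartTLS on top of it will fail"))
    if parts.scheme == "ldap" and not starttls:
        findings.append(("CLEARTEXT",
            "no TLS requested; a simple bind (-x -w) sends the password unencrypted"))
    if not any(name_matches(n, host) for n in cert_names):
        findings.append(("NAME_MISMATCH",
            f"certificate names {cert_names} do not cover host '{host}'"))
    return findings

if __name__ == "__main__":
    # Constructed inputs modelled on the command and certificate in the thread
    for code, why in diagnose("ldap://mydomain.org:636", True, ["Administrator"]):
        print(code, "-", why)
    print(diagnose("ldap://mydomain.org", True, ["mydomain.org"]))  # no findings
```

A certificate issued with CN = Administrator is reported as NAME_MISMATCH because the name compared is the host in the `-H` URI, not an operating-system account.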