no .ldaprc in any homedir
no /etc/ldap.conf
no /etc/openldap directory
clean /usr/local/etc/openldap/ldap.conf (no variables defined there)
only /usr/local/etc/ldap.conf (for pam_ldap) and /usr/local/etc/nss_ldap.conf (for nss with ldap)

2010/9/15 Dieter Kluenter <[email protected]>:
> c0re <[email protected]> writes:
>
>> Sorry, forgot to mention that I've tested that certificates are OK.
>>
>> # starting slapd
>>
>> /usr/local/libexec/slapd -u ldap -d 1 -h ldaps:///
>>
>> # making test:
>>
>> openssl s_client -connect 127.0.0.1:636 -CAfile
>> /usr/local/etc/openldap/ssl-client/root.crt -showcerts
>>
>> # output of test in openssl command:
> [...]
>> Certificate chain
>> 0 s:/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
>> i:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
>> -----BEGIN CERTIFICATE-----
>> <certificate>
>> .....
>> </certificate>
>> -----END CERTIFICATE-----
>> 1 s:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
>> i:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
>> -----BEGIN CERTIFICATE-----
>> <certificate>
>> .....
>> </certificate>
>> -----END CERTIFICATE-----
>> ---
>> Server certificate
>> subject=/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
>> issuer=/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 1811 bytes and written 462 bytes
>> ---
> [...]
>> Verify return code: 0 (ok)
> [...]
>
> There are no errors in certificate chain and the server cert has been
> verified, so the certificate chain is OK. Please check all relevant
> configuration files that is /etc/openldap/ldap.conf, /etc/ldap.conf
> and probably ~/.ldaprc for any TLS configuration.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> sip: [email protected]
> http://www.dpunkt.de/buecher/2104.html
> GPG Key ID:8EF7B6C6
>
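
An added example, not part of the thread: a shell function that collects every client-side TLS setting in one pass, covering the files named above plus the `ldaprc` files and `LDAP*` environment variables that ldap.conf(5) documents as further sources of libldap defaults. The root-prefix argument, the `LDAP_SCAN_ROOT` variable and the `/home/*` layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. The root prefix argument,
# LDAP_SCAN_ROOT and the /home/* layout are assumptions.

# Print "file:line:text" for each TLS/SSL directive in one config file.
scan_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 0
    # libldap options are TLS_*; pam_ldap/nss_ldap use tls_* and "ssl ...".
    # Comment lines start with '#', so their first field never matches.
    awk -v f="$1" 'tolower($1) ~ /^(tls_[a-z_]+|ssl)$/ { print f ":" FNR ":" $0 }' "$1"
}

scan_ldap_tls() {
    root=${1:-}
    # System-wide files named in the thread.
    for f in /etc/openldap/ldap.conf /etc/ldap.conf \
             /usr/local/etc/openldap/ldap.conf \
             /usr/local/etc/ldap.conf /usr/local/etc/nss_ldap.conf; do
        scan_file "$root$f"
    done
    # Per-user files read by libldap: $HOME/ldaprc and $HOME/.ldaprc.
    for home in "$root"/home/* "$root"/root; do
        scan_file "$home/ldaprc"
        scan_file "$home/.ldaprc"
    done
    # libldap also reads ldaprc from the current working directory.
    scan_file ./ldaprc
    # Environment overrides: LDAPCONF, LDAPRC, LDAPNOINIT and LDAPTLS_*.
    env | awk '/^LDAP(CONF|RC|NOINIT|TLS_[A-Z_]+)=/ { print "env:" $0 }'
}

# Scan the live system, or a copied tree when LDAP_SCAN_ROOT is set.
scan_ldap_tls "${LDAP_SCAN_ROOT:-}"
```

Empty output means none of these sources sets a TLS option; run it as the same user and from the same directory as the failing client so the per-user and environment checks are meaningful.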
