--On Monday, October 25, 2021 12:33 PM -0700 "Paul B. Henson"
<[email protected]> wrote:
On 10/24/2021 11:19 PM, Ulrich Windl wrote:
Some time ago the way to install root certificates had changed
You mean on the server side? There's nothing wrong with the certificate
chain on the server, everything trusts that properly including the
ldapsearch included with the Symas openldap 2.4 rpms. The issue is that
the 2.5 rpms include their own bundled version of openssl, which is not
configured to trust the system certificate repository.
Symas OpenLDAP for Linux 2.4 is a rebuild of how the upstream vendor
packaged the software and does not necessarily reflect the way in which
Symas would package the software.
Symas OpenLDAP 2.5 (and soon 2.6) reflect how we would package the
software. Note that in 2.6, you can specify multiple paths to find CA
certs in, so you could configure it to use the system CAs as well as your
own local certificate authority if desired.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
