Hi all,

I'm working on migrating a network to allow for more users and easier scaling. I'm also splitting up the main server into separate tasks. As long as I'm doing all this I thought it would be prudent to add an LDAP server for authentication/email/etc... I'm running gentoo-hardened on the ldap server and I have been following the gentoo ldap guides here:


This got me a decent setup, and everything works good, but now I'm trying to secure it using TLS and I can't seem to get it working. I've followed both guides, searched google, and still come up with nothing. I've verified the CN is correct, I've copied the cert from the server to the test client, and I've verified that the certs are ok using openssl.

running 'ldapsearch -H ldap://valid-cn -D "cn=Manager,dc=secret,dc=com" -W' lists everything that I've imported, but adding the -Z to the command exits with this:

ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I'm using the same common name for the ldap:// protocol as was entered in the cert. Here's the relevant config sections:

/etc/openldap/slapd.conf (server only)
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap-key.pem
TLS_REQCERT     allow

/etc/openldap/ldap.conf (client and server)
TLS_CERT     /etc/ssl/ldap.pem
TLS_KEY      /etc/openldap/ldap-key.pem
TLS_REQUEST     never

Is there anything else I should check with the certs?

Also, I've been looking for a decent guide to help with installation and maintenance for LDAP and I'm coming up dead. I've even checked the libraries and bookstores, and apart from a 2-8 page reference in a few general administrative books, I've found nothing. Can anyone recommend a good book/site on how to maintain/administer/install LDAP? I've spent over a week on this and it's still not operational and I'm starting to pull my hair out.

Thanks in advance for any help,
gentoo-user@lists.gentoo.org mailing list

Reply via email to