> I'm not sure what is wrong/mismatched as it's failing inside of the openldap
> client library. I wonder if the cert nickname having the "CN=" in it is a
> problem? It shouldn't be, but who knows.

I tried changing it to "server-cert", did not help.

> openldap just describes the flag as:
>
> LDAPSSL_AUTH_CNCHECK indicates that you accept the server's certificate
> only if you trust the CA who issued the certificate and if the value of the
> cn attribute is the DNS hostname of the server.
>
> Under cn=config what is nsslapd-localhost set to? Is it the correct FQDN?

yes.

> What is in /etc/openldap/ldap.conf?

?

> There are no messages containing "conn_connect"?

not a single one.
