On 05/09/2018 04:59 PM, Michal Medvecky wrote:
>
>> I'm not sure what is wrong/mismatched as it's failing inside of the
>> openldap client library. I wonder if the cert nickname having the
>> "CN=" in it is a problem? It shouldn't be, but who knows.
>>
> I tried changing it to "server-cert", did not help.
>
>> openldap just describes the flag as:
>>
>> LDAPSSL_AUTH_CNCHECK: indicates that you accept the server's
>> certificate only if you trust the CA who issued the certificate and
>> if the value of the cn attribute is the DNS hostname of the server.
>>
>> Under cn=config what is nsslapd-localhost set to? Is it the correct
>> FQDN?
>
> yes.
>
>> What is in /etc/openldap/ldap.conf?
>
> ?

Do you have this file? What platform are you running on? And what version of 389-ds-base are you using (rpm -qa | grep 389-ds-base)?

>
>> There are no messages containing "conn_connect"?
>
> not a single one.
>
>
> _______________________________________________
> 389-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
