> Does it work if you use "-h localhost" (similar to what you were doing
> with the openssl command)?
>
> Generally, you must provide the fully qualified domain name to the "-h"
> parameter for SSL/TLS to work.
>
> For example, "-h ldap" doesn't work for me, but "-h ldap.stanford.edu"
> does.

My FQDN is "server.misumasu.dyndns.org", which also has a CNAME of "ldap.misumasu.dyndns.org" (this CNAME is what the SSL cert is issued to).

$ ldapsearch -h ldap.misumasu.dyndns.org -x -ZZ
$ ldapsearch -h ldap -x -ZZ
$ ldapsearch -h server.misumasu.dyndns.org -x -ZZ
$ ldapsearch -h server -x -ZZ
$ ldapsearch -h localhost.localdomain -x -ZZ
$ ldapsearch -h localhost -x -ZZ
$ ldapsearch -h 127.0.0.1 -x -ZZ

all produce the exact same error message when slapd is running as non-root.

And my /etc/ldap/ldap.conf file contains the line "URI ldap://ldap.misumasu.dyndns.org", so the default when running "ldapsearch -x -ZZ" is equivalent to running "ldapsearch -H 'ldap://ldap.misumasu.dyndns.org' -x -ZZ".

Just to be thorough,

$ openssl s_client -connect ldap.misumasu.dyndns.org:636
$ openssl s_client -connect ldap:636
$ openssl s_client -connect server.misumasu.dyndns.org:636
$ openssl s_client -connect server:636

also all fail with the same error messages when slapd is running as non-root.