On 03/05/2012 07:59 PM, Peter Hawkins wrote:
> OK... I added the ldap.conf entries
>
> REFERRALS off
> TLS_REQCERT demand
> TLS_CACERT /.../eLearningPublic.pem
>
> then tried:
>
> #ldapsearch -ZZ -x -D "[email protected]" -W -H
> "ldap://mldshomdsp01.ce.xyz.com.au
> <http://mldshomdsp01.ce.xyz.com.au/>" -b '' -s base -a never
>
> It gave:
>
> ldap_start_tls: Connect error (-11)
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable
> to get local issuer certificate)
>
> and with
> TLS_REQCERT never
> TLS_CRLCHECK none
>
> it prompted for a password then gave:
> ldap_bind: Invalid credentials (49)
> additional info: 8009030C: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 2030, v1db1
>
The path to your TLS_CACERT doesn't look right. If you are using ... to obscure the full path, don't do that - it makes it harder for us to help you. If you still want to obscure the path (even though there is no real security risk in showing us), change it to something like /path/to/eLearningPublic.pem; that at least lets us know that the path shown is not real.

--
Prentice
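An added example (not part of the original thread, and not OpenLDAP's own tooling): a shell function that lints the ldap.conf settings discussed above, checking that the TLS_CACERT file is readable and PEM-formatted and flagging TLS_REQCERT values that let the session continue without a verified server certificate. The function name and the sample files are constructed for illustration, and only TLS_CACERT and TLS_REQCERT are examined.

```bash
#!/usr/bin/env bash
# check_ldap_tls_conf FILE (hypothetical helper): prints one line per finding;
# the exit status is the number of findings (0 = nothing to report).
check_ldap_tls_conf() {
    local conf=$1 key value cacert="" reqcert="demand" problems=0
    # ldap.conf lines are "OPTION value"; option names are case-insensitive
    # and lines starting with '#' are comments. demand is the default.
    while read -r key value || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac
        case "$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')" in
            TLS_CACERT)  cacert=$value ;;
            TLS_REQCERT) reqcert=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') ;;
        esac
    done < "$conf"

    if [ -z "$cacert" ]; then
        echo "TLS_CACERT: not set"; problems=$((problems + 1))
    elif [ ! -r "$cacert" ]; then
        echo "TLS_CACERT: '$cacert' does not exist or is not readable"
        problems=$((problems + 1))
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "TLS_CACERT: '$cacert' holds no PEM certificate"
        problems=$((problems + 1))
    fi
    case "$reqcert" in
        never|allow)
            echo "TLS_REQCERT $reqcert: session continues even if the server certificate cannot be verified"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample input modelled on the settings quoted in the thread; the
# PEM file is a placeholder, not a real certificate.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' '-----END CERTIFICATE-----' > "$demo/ca.pem"
printf '%s\n' 'REFERRALS off' 'TLS_REQCERT demand' 'TLS_CACERT /.../eLearningPublic.pem' > "$demo/as_posted.conf"
printf '%s\n' 'TLS_REQCERT never' 'TLS_CRLCHECK none' "TLS_CACERT $demo/ca.pem" > "$demo/no_verify.conf"
printf '%s\n' '# comment line' 'tls_reqcert demand' "tls_cacert $demo/ca.pem" > "$demo/ok.conf"
for f in as_posted no_verify ok; do
    echo "== $f.conf"; check_ldap_tls_conf "$demo/$f.conf" || true
done
```

A file that passes these checks can still lack the certificate of the CA that issued the server's certificate, which is what "unable to get local issuer certificate" reports.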
