Thank you so much, Ven, for your reply.

I have some questions.

-- create an environment variable LDAPCONF
<DAISY>:  Question, what value is this environment variable set to?  Does 
OpenSSL or OpenLDAP use this env variable?

-- create a file called ldap_ssl_cert_config and placed the following line in 
it:
TLS_CACERTDIR /etc/pki/tls
<DAISY>:  Question, in what directory should I create this file?  How is this 
"ldap_ssl_cert_config" file used?  How does OpenLDAP client know what file 
to look for, in which directory?

And /etc/pki/tls does not exist in my file system.  What is this "/etc/pki/tls" 
anyway?

-- ran my program


From: Mahadevan, Venkatasubramanian [mailto:[email protected]]
Sent: Tuesday, August 30, 2011 6:25 PM
To: Wu, Daisy; [email protected]
Subject: RE: OpenLDAP client test program connecting to LDAP server over SSL 
failed

> It failed because of this error: ldap_sasl_bind_s: Can't contact LDAP server 
> (-1) error:14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate 
> verify failed

Hi Daisy,

I have noticed that sometimes depending on the version of OpenSSL you are 
linking the LDAP libraries to, it will throw this error. So what I did was:
-- create an environment variable LDAPCONF
-- create a file called ldap_ssl_cert_config and placed the following line in 
it:
TLS_CACERTDIR /etc/pki/tls
-- ran my program

Then it worked and I did not get the error anymore. Hope this helps.

cheers,

Ven
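
Added example, not part of the original messages or of OpenLDAP: a shell sketch of the three steps above plus a pre-flight check of what LDAPCONF points at. It assumes libldap is linked against OpenSSL, which looks up CA certificates in a directory by subject-hash file names such as 1a2b3c4d.0; the function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical helpers; any paths passed in are the caller's own.

# write_ldap_conf FILE CADIR: write a client config naming the CA directory.
write_ldap_conf() {
    printf 'TLS_CACERTDIR %s\n' "$2" > "$1"
}

# cacertdir_of FILE: print the TLS_CACERTDIR value from a config file.
# ldap.conf option names are case-insensitive, so compare in upper case.
cacertdir_of() {
    awk 'toupper($1) == "TLS_CACERTDIR" { print $2; exit }' "$1"
}

# check_ldapconf: confirm LDAPCONF names a readable file whose TLS_CACERTDIR
# exists and holds at least one hash-named CA file. A missing directory or a
# directory without hashed names leaves the client with no trust anchors,
# which surfaces as "certificate verify failed".
check_ldapconf() {
    [ -n "${LDAPCONF:-}" ] || { echo "LDAPCONF not set"; return 1; }
    [ -r "$LDAPCONF" ] || { echo "cannot read $LDAPCONF"; return 2; }
    dir=$(cacertdir_of "$LDAPCONF")
    [ -n "$dir" ] || { echo "no TLS_CACERTDIR in $LDAPCONF"; return 3; }
    [ -d "$dir" ] || { echo "TLS_CACERTDIR $dir does not exist"; return 4; }
    for f in "$dir"/*.[0-9]; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9])
                echo "ok: $dir"; return 0 ;;
        esac
    done
    echo "no hash-named CA files in $dir"; return 5
}
```

Typical use is to export LDAPCONF with the path of the file written by write_ldap_conf, run check_ldapconf, and only then start the LDAP client program.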

