Re: Openldap 2.4.48-1 vs my company's pki

2019-08-06 Thread David Goldberg
just created and ldapsearch worked as expected. I can't understand why 2.4.42 ignored that file while 2.4.48 tried to use it but it seems local to my oddball situation and not a broader issue. Thanks again for all the help and advice. On Tue, Aug 6, 2019, 15:17 David Goldberg wrote: > Tha

Re: Openldap 2.4.48-1 vs my company's pki

2019-08-06 Thread David Goldberg
Thank you, Achim! I should have thought of that myself. Indeed adding an appropriate TLS_CACERT to ldap.conf has solved the problem and 2.4.48 ldapsearch is working now. On Tue, Aug 6, 2019, 12:44 Achim Gratz wrote: > David Goldberg writes: > > Correct, openssl s_client works, as

Re: Openldap 2.4.48-1 vs my company's pki

2019-08-06 Thread David Goldberg
erify failed (self signed certificate in certificate chain). I'm stumped at this point. Thanks On Mon, Aug 5, 2019, 18:41 Brian Inglis wrote: > On 2019-08-05 14:06, David Goldberg wrote: > > On Mon, Aug 5, 2019, 15:25 Quanah Gibson-Mount wrote: > >> On Monday, August

Re: Openldap 2.4.48-1 vs my company's pki

2019-08-05 Thread David Goldberg
to install to set that up? And do I need to worry about the .cygport and patch files in the source distribution or will configure pick them up? Thanks On Mon, Aug 5, 2019, 15:25 Quanah Gibson-Mount wrote: > --On Monday, August 05, 2019 9:22 AM -0400 David Goldberg > wrote: > > >

Re: Openldap 2.4.48-1 vs my company's pki

2019-08-05 Thread David Goldberg
new build, at least the weird ldd output leads me to that conclusion. I'll try to find some time to build from source and see if it works. Thanks On Sat, Aug 3, 2019, 02:43 Achim Gratz wrote: > David Goldberg writes: > > Thanks but unfortunately even after don't that I sti

Re: Openldap 2.4.48-1 vs my company's pki

2019-08-02 Thread David Goldberg
gssl 1.1 and maybe something missing while the working one shows cygssl 1.0. any idea how I might resolve that? Thanks -- Dave Goldberg dsg18...@gmail.com On Fri, Aug 2, 2019 at 1:28 PM Quanah Gibson-Mount wrote: > --On Friday, August 02, 2019 12:45 PM -0400 David Goldberg > wrote:

Re: Openldap 2.4.48-1 vs my company's pki

2019-08-02 Thread David Goldberg
Thanks but unfortunately even after don't that I still get the complaint that they're is a self signed certificate in the chain. We do indeed run our own CA but it seems like that should not really be a problem. On Fri, Aug 2, 2019, 15:13 Achim Gratz wrote: > David Goldberg

Openldap 2.4.48-1 vs my company's pki

2019-08-02 Thread David Goldberg
I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now ldapsearch will not connect, complaining that the server provided certificate is self signed. I have set up /etc/pki with my company's certificate chain and that allows 2.4.42-1 (and earlier) and other applications to properly authen