a.le...@consense-gmbh.de writes:
> Hello,
>
> I'm fairly new to OpenLDAP. I have successfully built a connection to
> a Windows Active Directory with LDAP over Port 389.
>
> But when I switch to LDAPS and Port 636 and try a connection via the
> Softerra LDAP Browser I get the following error:
> TLS certificate verification: Error, unable to get local issuer certificate
> TLS: can't connect: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable
> to get local issuer certificate).
>
> I have installed the certificate of the Server I want to connect to on my
> machine.
>
> But I still get this error. Does anyone have an idea why this error happens?
>
> Here is my slapd.conf-File:
> # MDB Backend configuration file
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> ucdata-path ./ucdata
> include ./schema/core.schema
> include ./schema/cosine.schema
> include ./schema/nis.schema
> include ./schema/inetorgperson.schema
> #include ./schema/openldap.schema
> #include ./schema/dyngroup.schema
>
>
> pidfile ./run/slapd.pid
> argsfile ./run/slapd.args
>
> loglevel 256
>
> sizelimit unlimited
> timelimit unlimited
>
>
>
> #######################################################################
> # mdb database definitions
> #######################################################################
>
>
> database meta
> suffix "dc=example,dc=com"
>
> uri "ldaps://dc001.example.com:636/DC=example,DC=com"

Read the manual pages on slapd.conf(5), slapd-mdb(5), slapd-meta(5),
and read on Transport Layer Security (TLS).
In order to verify the host certificate of host dc001.example.com
you should provide and configure the certification authority (CA) that
signed the host certificate.
The configuration of a ucdata path is obsolete.

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
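
The failure discussed in this thread, reproduced offline as an added example (not part of the original messages and not involving slapd or Active Directory): a throwaway CA and a server certificate named after the thread's host are constructed, then verified once with only the server certificate as trust anchor and once with the issuing CA. The function names and file names are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway root CA and a server certificate it signs.
# Assumption: the openssl command-line tool is installed.

make_pki() {  # $1 = empty working directory
    # Self-signed root CA (the "issuer" the client has to trust).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    # Server key and signing request, named after the host in the thread.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc001.example.com" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    # The CA issues the server certificate.
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

verify_with() {  # $1 = file used as trust anchor, $2 = certificate to check
    # Decide on the printed verdict so the result does not depend on
    # how a given openssl version sets its exit status.
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    printf '%s\n' "$out"
    case $out in
        *": OK"*) return 0 ;;
        *)        return 1 ;;
    esac
}

work=$(mktemp -d)
make_pki "$work"

echo "== trusting only the server's own certificate =="
verify_with "$work/server.pem" "$work/server.pem" || echo "-> rejected"

echo "== trusting the CA that issued it =="
verify_with "$work/ca.pem" "$work/server.pem" && echo "-> accepted"

rm -rf "$work"
```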