Re: Can't get LDAPS connection with OpenLDAP as a Proxy working (error:14090086)

2020-05-13 Thread Dieter Klünter
a.le...@consense-gmbh.de writes:

> Hello,
>
> I'm fairly new to OpenLDAP. I have successfully built a connection to
> a Windows Active Directory with LDAP over Port 389.
>
> But when I switch to LDAPS and Port 636 and try a connection via the
> Softerra LDAP Browser I get the following error:
> TLS certificate verification: Error, unable to get local issuer certificate
> TLS: can't connect: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable
> to get local issuer certificate).
>
> I have installed the certificate of the Server I want to connect to on my 
> machine.
>
> But I still get this error. Does anyone have an idea why this error happens?
>
> Here is my slapd.conf-File:
> # MDB Backend configuration file
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> ucdata-path   ./ucdata
> include   ./schema/core.schema
> include   ./schema/cosine.schema
> include   ./schema/nis.schema
> include   ./schema/inetorgperson.schema
> #include  ./schema/openldap.schema
> #include  ./schema/dyngroup.schema
>
>
> pidfile   ./run/slapd.pid
> argsfile  ./run/slapd.args
>
> loglevel 256
>
> sizelimit unlimited
> timelimit unlimited
>
>
>
> ###
> # mdb database definitions
> ###
>
>
> database meta
> suffix "dc=example,dc=com"
>
> uri "ldaps://dc001.example.com:636/DC=example,DC=com"
 
Read the manual pages on slapd.conf(5), slapd-mdb(5), slapd-meta(5), and
read on Transport Layer Security (TLS).
In order to verify the host certificate of host dc001.example.com
you should provide and configure the certification authority (CA) that
signed the host certificate.

The configuration of a ucdata path is obsolete.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
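
The failure mode from the reply above, reproduced offline as an added example (not part of the original thread): a server certificate placed in the trust store does not verify itself, while the certificate of the CA that signed it does. The throwaway CA "Demo Issuing CA" and all file names are constructed for the demonstration; only the host name comes from the thread.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, nothing here comes from a real AD.

make_demo_pki() {   # $1 = working directory (hypothetical file names below)
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Issuing CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed CA, standing in for the CA that issued the DC's certificate.
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    # Key and signing request for the LDAPS server named in the thread.
    openssl req -new -config "$1/req.cnf" -subj "/CN=dc001.example.com" \
        -newkey rsa:2048 -nodes \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    # The CA signs the server certificate.
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/server.pem" 2>/dev/null
}

# Verify certificate $2 with file $1 as the CA file; prints openssl's verdict
# and returns its exit status.
verify_with() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    echo "CA file = the server certificate itself:"
    verify_with "$d/server.pem" "$d/server.pem" || echo "-> rejected"
    echo "CA file = certificate of the issuing CA:"
    verify_with "$d/ca.pem" "$d/server.pem" && echo "-> accepted"
    rm -rf "$d"
}
demo
```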


Can't get LDAPS connection with OpenLDAP as a Proxy working (error:14090086)

2020-05-13 Thread a . leurs
Hello,

I'm fairly new to OpenLDAP. I have successfully built a connection to a 
Windows Active Directory with LDAP over Port 389. 

But when I switch to LDAPS and Port 636 and try a connection via the Softerra 
LDAP Browser I get the following error:
TLS certificate verification: Error, unable to get local issuer certificate
TLS: can't connect: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get 
local issuer certificate).

I have installed the certificate of the Server I want to connect to on my 
machine.

But I still get this error. Does anyone have an idea why this error happens?

Here is my slapd.conf-File:
# MDB Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
#include ./schema/openldap.schema
#include ./schema/dyngroup.schema


pidfile ./run/slapd.pid
argsfile ./run/slapd.args

loglevel 256

sizelimit unlimited
timelimit unlimited



###
# mdb database definitions
###


database meta
suffix "dc=example,dc=com"

uri "ldaps://dc001.example.com:636/DC=example,DC=com"