Here is my ldap.conf:

----- ldap.conf ------
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

HOST server2.xxxxxxx.yyy
BASE dc=xxxxxxx, dc=yyy
PORT 389
TLS_REQCERT allow

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
--------- end ldap.conf ----------

The permissions on the file are:

-rw-r--r--    1 root     root          415 Jan  8 22:43 ldap.conf

HTH,
Steve

On Tue, 2003-06-24 at 05:31, Barry Kostjens wrote:
> On Monday 23 June 2003 17:35, Stephen Varga wrote:
> > I tried that, but I got exactly the same error:
> > TLS trace: SSL3 alert read:warning:close notify
> ber_get_next on fd 9 failed errno=0 (Success)
> connection_read(9): input error=-2 id=1, closing.
> connection_closing: readying conn=1 sd=9 for close
> connection_close: deferring conn=1 sd=9
> do_unbind
> connection_resched: attempting closing conn=1 sd=9
> connection_close: conn=1 sd=9
> TLS trace: SSL3 alert write:warning:close notify
>
> Could you maybe post your complete ldap.conf?
>
>
> > On Mon, 2003-06-23 at 10:50, Barry Kostjens wrote:
> > > On Monday 23 June 2003 16:38, Stephen Varga wrote:
> >
> > > > Yes, that pem file is really there.
> > > Can you tell me how you created your openldap.pem?
> >
> > From Turbo F's How-To:
> > http://www.bayour.com/LDAPv3-HOWTO.html
> >
> > openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
> >
> > I just remembered I also have the following line in my ldap.conf
> >
> > TLS_REQCERT allow
> >
> > I think it lets the cert be accepted even though it cannot be verified.
> >
> >
> > Steve
> >
> > > > Here is what is in my config:
> > > >
> > > > TLSCertificateFile /etc/openldap/openldap.pem
> > > > TLSCertificateKeyFile /etc/openldap/openldap.pem
> > > > TLSCACertificateFile /etc/openldap/openldap.pem
> > > >
> > > > openldap.pem was created using openssl.
> > > >
> > > > You really have an /ect directory on your system?
> > > >
> > > > Steve
> > > >
> > > > On Mon, 2003-06-23 at 08:45, Barry Kostjens wrote:
> > > > > No, that's not a typo. This file really exists.
> > > > >
> > > > > I tried to put the cacert.pem in other dirs and changed the config,
> > > > > but no go.
> > > > >
> > > > > When I look in the O'Reilly book, they don't even enter this line in
> > > > > the config. Tried that too, but doesn't work.
> > > > >
> > > > > On Monday 23 June 2003 14:11, Stephen Varga wrote:
> > > > > > On Mon, 2003-06-23 at 04:16, Barry Kostjens wrote:
> > > > > > > daemon_init: 1 listeners opened
> > > > > > > slapd init: initiated server.
> > > > > > > TLS: could not load verify locations
> > > > > > > (file:`/ect/ssl/demoCA/cacert.pem',dir:`').
> > > > > >
> > > > > > ^^^ this should probably be 'etc'
> > > > > >
> > > > > > It looks like you have a typo in your config file.
> > > > > >
> > > > > > > TLS: error:02001002:system library:fopen:No such file or
> > > > > > > directory bss_file.c:104

--
[EMAIL PROTECTED] mailing list
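Editor's note and added example (not part of the thread above, and not code from either poster). The setting the thread lands on, TLS_REQCERT allow, makes the "could not load verify locations" problem disappear by telling libldap to accept any server certificate, including none. ldap.conf(5) defines four levels: never and allow proceed whatever the server presents, try proceeds only when no certificate is presented, and demand (alias hard, the default) requires a certificate that chains to a trusted CA. With allow, anyone who can sit between the client and port 389/636 can present their own certificate and read the simple bind that follows. The fix the thread was reaching for is to give the client something to verify against: sign the server certificate with a private CA, hand clients that CA via TLS_CACERT, and keep TLS_REQCERT at demand. The script below audits an ldap.conf for exactly that, and mints the CA and server certificate with openssl so the strict setting works. All host names, file paths and the CA subject are made-up values for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original thread. Two pieces:
#  1. ldap_reqcert_level / ldap_tls_verdict: inspect a client ldap.conf and
#     report whether it actually verifies the directory server's certificate.
#  2. make_private_ca: build a private CA and a CA-signed server cert with
#     openssl, so the client can use TLS_REQCERT demand instead of allow.
# Host names, paths and the CA subject are assumptions chosen for the demo.

# Print the effective TLS_REQCERT keyword, lowercased. libldap defaults to
# "demand" when the keyword is absent; keywords are case-insensitive and a
# later occurrence overrides an earlier one, which is mirrored here.
ldap_reqcert_level() {
    level=$(grep -v '^[[:space:]]*#' "$1" |
        awk 'toupper($1) == "TLS_REQCERT" { v = $2 } END { print v }' |
        tr 'A-Z' 'a-z')
    if [ -n "$level" ]; then printf '%s\n' "$level"; else printf 'demand\n'; fi
}

# Print "ok" when the config both demands a valid server certificate and
# names a readable TLS_CACERT file; otherwise print "weak" and the reasons
# on stderr. "allow" (the thread's setting) and "never" disable verification
# entirely, so a host that can intercept the connection can impersonate the
# directory server and read the simple bind password.
ldap_tls_verdict() {
    conf=$1
    reason=
    level=$(ldap_reqcert_level "$conf")
    case $level in
        demand|hard) ;;
        *) reason="TLS_REQCERT $level does not enforce verification" ;;
    esac
    cacert=$(grep -v '^[[:space:]]*#' "$conf" |
        awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { print v }')
    if [ -z "$cacert" ]; then
        reason="${reason:+$reason; }no TLS_CACERT, so there is nothing to verify against"
    elif [ ! -r "$cacert" ]; then
        reason="${reason:+$reason; }TLS_CACERT $cacert is missing or unreadable"
    fi
    if [ -z "$reason" ]; then
        printf 'ok\n'
    else
        printf '%s\n' "$reason" >&2
        printf 'weak\n'
    fi
}

# Build a private CA and a server certificate signed by it in directory $1
# for host $2. Produces ca.crt (ship to clients as TLS_CACERT), plus
# server.crt and server.key (slapd's TLSCertificateFile and
# TLSCertificateKeyFile; ca.crt also serves as TLSCACertificateFile).
make_private_ca() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/ca.key" "$dir/server.key"
    # The same question libldap asks under TLS_REQCERT demand: does the
    # server certificate chain to a CA we trust?
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt"
}

demo_dir=${TMPDIR:-/tmp}/ldaptls.$$
mkdir -p "$demo_dir"   # left in place so the generated files can be inspected

# Constructed client config mirroring the one posted in the thread: the
# self-signed cert cannot be verified, so verification was switched off.
cat > "$demo_dir/weak.conf" <<'EOF'
HOST server2.example.com
BASE dc=example, dc=com
PORT 389
TLS_REQCERT allow
EOF

# Corrected config: verification stays on and the client is told which CA
# to trust (install ca.crt wherever your clients keep trusted CAs).
cat > "$demo_dir/strong.conf" <<EOF
URI ldap://server2.example.com
BASE dc=example, dc=com
TLS_REQCERT demand
TLS_CACERT $demo_dir/ca.crt
EOF

if command -v openssl >/dev/null 2>&1; then
    make_private_ca "$demo_dir" server2.example.com
else
    : > "$demo_dir/ca.crt"   # no openssl here; placeholder keeps the audit runnable
fi

ldap_tls_verdict "$demo_dir/weak.conf"    # prints "weak"
ldap_tls_verdict "$demo_dir/strong.conf"  # prints "ok"
```

On the server side the matching slapd.conf entries would point TLSCertificateFile at server.crt, TLSCertificateKeyFile at server.key and TLSCACertificateFile at ca.crt; the single-file openldap.pem from the thread works for slapd, but it hands clients nothing they can use as a trust anchor, which is why the client ended up with TLS_REQCERT allow. Production certificates should also carry a subjectAltName for the host name, which the bare `openssl x509 -req` call above does not add.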