Greetings,

I want to use LDAP to store Postfix, Apache and Dovecot users. This sounds like a quite simple need, so I plan to use the native ldapd.

I have installed "4.8 GENERIC.MP#335 amd64" and configured ldapd as follows:

    # $OpenBSD: ldapd.conf,v 1.2 2010/06/29 02:50:22 martinh Exp $

    schema "/etc/ldap/core.schema"
    schema "/etc/ldap/inetorgperson.schema"
    schema "/etc/ldap/nis.schema"
    schema "/etc/ldap/courier.schema"

    listen on lo0
    listen on lo0 ldaps certificate ldapd
    listen on em0
    listen on em0 ldaps certificate ldapd
    listen on "/var/run/ldapi"

    namespace "dc=tumfatig,dc=local" {
            rootdn "cn=admin,dc=tumfatig,dc=local"
            rootpw "xxx"
            index sn
            index givenName
            index cn
            index mail
    }

Then I created a self-signed certificate in /etc/ldap/ using the directions from starttls(8). The ldapd starts and listens on the ldap and ldaps ports. But when I run:

    # ldapmodify -x -H ldaps://ldapd.tumfatig.local -D "cn=admin,dc=tumfatig,dc=local" -W -f /tmp/tumfatig

I get:

    additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The ldapd (in debug mode) says:

    SSL library error: ssl_session_accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Can I use ldapd with a self-signed certificate? Did I miss a step?

Thanks for your help.

Jo
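An added example, not part of Jo's message or of OpenBSD's ldapd: the two errors above are one TLS handshake seen from each end. ldapmodify (libldap on top of OpenSSL) cannot chain the server certificate to anything it trusts, so it gives up with "certificate verify failed" and sends the server an unknown_ca alert, which ldapd logs as "tlsv1 alert unknown ca". The script below reproduces that offline with openssl(1): a self-signed certificate is accepted only by a client that has been told to trust exactly that certificate (for the OpenLDAP tools, TLS_CACERT in ldap.conf or the LDAPTLS_CACERT environment variable), and only when the name in the ldaps:// URL matches the name in the certificate. The host name, the file names and the client-side certificate path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message: reproduce the ldaps trust
# failure offline with openssl(1). Host name and file names are assumptions.
set -e

HOST=ldapd.tumfatig.local          # name used in the ldaps:// URL (assumed)
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate for a name, roughly what starttls(8) walks
# through. Writes $WORK/<label>.key and $WORK/<label>.crt, prints the cert path.
# A CN is enough for the hostname check below; a subjectAltName is the modern choice.
make_selfsigned() {               # make_selfsigned <label> <name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
    echo "$WORK/$1.crt"
}

# Verify a certificate the way a TLS client does, trusting only what is in the
# given CA file, optionally also checking the host name. Prints "trusted" or
# "untrusted". The ": OK" marker is checked rather than the exit status because
# old openssl versions exit 0 even when verification fails.
verify_against() {                # verify_against <cafile> <cert> [hostname]
    if [ -n "$3" ]; then
        out=$(openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>&1 || true)
    else
        out=$(openssl verify -CAfile "$1" "$2" 2>&1 || true)
    fi
    case "$out" in
        *": OK") echo trusted ;;
        *)       echo untrusted ;;
    esac
}

# Client-side fix for the OpenLDAP tools: ldap.conf(5) must point at a copy of
# the server's certificate (path assumed). TLS_REQCERT demand is the default and
# is spelled out only to make the policy explicit.
ldap_conf_lines() {               # ldap_conf_lines <path-to-server-cert-copy>
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

SERVER_CRT=$(make_selfsigned ldapd "$HOST")
# A CA the server certificate has nothing to do with: stands in for a client
# that only trusts the system CA bundle.
OTHER_CA=$(make_selfsigned other "other-ca.example")

echo "client trusting an unrelated CA:        $(verify_against "$OTHER_CA" "$SERVER_CRT")"
echo "client trusting the server certificate: $(verify_against "$SERVER_CRT" "$SERVER_CRT")"
echo "same, URL name matches certificate:     $(verify_against "$SERVER_CRT" "$SERVER_CRT" "$HOST")"
echo "same, URL uses a different name:        $(verify_against "$SERVER_CRT" "$SERVER_CRT" localhost)"
echo "ldap.conf lines for the client:"
ldap_conf_lines /etc/ldap/ldapd.crt
```

The first case is the situation in the message: the client's trust store does not contain the self-signed certificate, verification fails before any bind is attempted, and the server only ever sees the resulting alert. Copying the server certificate to the client and naming it in TLS_CACERT turns that into the second case; the last case shows that connecting by an address or short name that is not in the certificate fails verification even once the certificate is trusted.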