Greetings,
I want to use LDAP to store postfix, apache and dovecot users.
This sounds a quite simple need so I plan to use the native ldapd.
I have installed "4.8 GENERIC.MP#335 amd64" and configured ldapd as follows:
# $OpenBSD: ldapd.conf,v 1.2 2010/06/29 02:50:22 martinh Exp $
schema "/etc/ldap/core.schema"
schema "/etc/ldap/inetorgperson.schema"
schema "/etc/ldap/nis.schema"
schema "/etc/ldap/courier.schema"
listen on lo0
listen on lo0 ldaps certificate ldapd
listen on em0
listen on em0 ldaps certificate ldapd
listen on "/var/run/ldapi"
namespace "dc=tumfatig,dc=local" {
rootdn "cn=admin,dc=tumfatig,dc=local"
rootpw "xxx"
index sn
index givenName
index cn
index mail
}
Then I created a self-signed certificate in /etc/ldap/ using directions from
starttls(8).
The ldapd starts and listens to ldap and ldaps ports.
But when I run:
# ldapmodify -x -H ldaps://ldapd.tumfatig.local -D "cn=admin,dc=tumfatig,dc=local" -W -f /tmp/tumfatig
I get:
"additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
The ldapd (in debug mode) says:
"SSL library error: ssl_session_accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca"
Can I use ldapd with a self-signed certificate?
Did I miss a step?
Thanks for your help.
Jo
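The two messages quoted above are one failure seen from both ends: the ldapmodify client cannot chain the server's self-signed certificate to any CA it trusts, so it aborts the handshake and sends the server the "unknown ca" alert that ldapd logs. The script below is an added illustration, not code from the post or from OpenBSD; it builds a throwaway self-signed certificate in a scratch directory (the hostname ldapd.example.test is made up for the demo) and shows that the certificate verifies only when it is itself supplied as the trust anchor. The last function shows the client-side fix for OpenLDAP's ldapmodify: point it at the server certificate via the LDAPTLS_CACERT environment variable (or TLS_CACERT in ldap.conf), rather than disabling verification.

```shell
#!/bin/sh
# Added example, not part of the original post. Requires the openssl CLI.

WORK=$(mktemp -d)

# Create a self-signed server certificate the way starttls(8) describes,
# but in a scratch directory. Prints the path of the certificate file.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=ldapd.example.test" \
        -keyout "$WORK/ldapd.key" -out "$WORK/ldapd.crt" >/dev/null 2>&1
    echo "$WORK/ldapd.crt"
}

# Verify $1 against the default CA store only. A self-signed certificate
# has no trusted issuer there, so this is what the ldapmodify client sees.
verify_with_system_store() {
    openssl verify "$1" 2>&1 | grep -q ': OK$'
}

# Verify $1 with $2 as the trust anchor. For a self-signed certificate
# the anchor is the certificate itself.
verify_with_cafile() {
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

# Run ldapmodify with the server certificate as the client's CA file.
# LDAPTLS_CACERT is the environment form of the TLS_CACERT option in
# ldap.conf(5); the remaining arguments are passed through unchanged.
ldapmodify_trusting() {
    cafile=$1; shift
    LDAPTLS_CACERT="$cafile" ldapmodify "$@"
}

# Demo when run directly: reproduce the failure, then the working check.
CERT=$(make_selfsigned)
if verify_with_system_store "$CERT"; then
    echo "unexpected: self-signed cert trusted by default store"
else
    echo "default store: verify failed (same as the ldapmodify error)"
fi
if verify_with_cafile "$CERT" "$CERT"; then
    echo "with cert as CA file: OK"
fi
echo "e.g.: ldapmodify_trusting /etc/ldap/ldapd.crt -x -H ldaps://host -D 'cn=admin,...' -W -f file"
```

The same check can be made against a live server with `openssl s_client -connect host:636 -CAfile /etc/ldap/ldapd.crt`, which prints "Verify return code: 0 (ok)" only when the client trusts the certificate it was shown.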