> man, 18.04.2005 kl. 12.39 skrev marlowe:
>
> [...]
>
> You *HAVE* to reply to the list.You have *NOT* to reply to me
> personally.
My apologies. I did not verify that the reply to was set to the
squirrelmail list. That was my fault.
>
>> >> can you test 'host' => 'ldaps://ldap.antagonism.org' setting?
>> I tried this setting and received the same error message. I even tried
this setting with port 389 and protocol 3 to see if TLS would start and
still received the same error.
>
> TLS on 389 is not SSL on 636. The fact that Evo does TLS has NOTHING to
do with SSL on port 636. Because Evo really does use TLS on port 389.
Does Squirrelmail support TLS?
>
> So what do you have? You probably have LDAP (slapd?) running on port 389
and not 636. If you want it to start on 636 too, you have to modify
/etc/rdc.d/init.d/ldap or whatever your startup directory is, to include
it.
netstat -an shows both 389 and 636 are listening. I also verified in my
start script that is calling ldap:/// and ldaps:///.
> Your certs are obviously O.k.
>
> For example, I have (Red Hat RHAS3) for MY OWN (you don't have to do
this, you adapt your own) startup:
>
> daemon ${slapd} -u ldap -h '"ldap://tru.leerlingen/
> ldaps://tru.leerlingen/
> ldapi://%2Fusr%2Flocal%2Fvar%2Fslapd%2Fldapi/????x-mod=0777"' $OPTIONS
$SLAPD_OPTIONS
>
> The thing is, that I start up ldaps. See it?
> To see whether you do too, do: 'openssl s_client - connect
> whateverIPaddressyourLDAPserverisrunning on:636'.
>
> If it don't work (i.e. "Connection refused") you are not running an LDAP
daemon on that port..
>
> Run one then ;)
I am receiving a return code 18 (self signed certificate), which I believe
means that it is correctly receiving my cert.
I believe I have an error in my ldap configuration. When I attempt to run
the following command
ldapsearch -x -b 'ou=addressbook,dc=antagonism,dc=org' '(objectclass=*)'
-H ldap://ldap.antagonism.org:389 -ZZ
I receive
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certifcate verify failed.
I am taking this error and searching through Google for answer. Thank you
very much for your assistance. It is greatly appreciated.
Thanks,
Patrick
>
> --Tonni
>
> [...]
>
> --
>
>> >>
>> >> can you check if your ldap libraries have ssl support?
>> I am not sure which libraries you mean. I verified SSL support in PHP
by
>> checking phpinfo. I ran the following script to test LDAPS and
received
>> no errors:
>> <?php
>> // make sure your host is the correct one
>> // that you issued your secure certificate to
>> $ldaphost = "ldaps://ldap.antagonism.org/";
>> // Connecting to LDAP
>> $ldapconn = ldap_connect($ldaphost)
>> or die("Could not connect to {$ldaphost}");
>> ?>
>> I am unsure how to check ldap.so for SSL support.
>> I am also using the certs provided by the openssl packages, could this
be
>> a problem?
>> Thanks for your help. Once again if you could point me in the correct
direction it would be appreciated.
>> Patrick
>> >
>> > Works for me :)
>> >
>> > --Tonni
>> >
>> > --
>> > Nothing sucksseeds like a pigeon without a beak ...
>> >
>> > mail: [EMAIL PROTECTED]
>> > http://www.billy.demon.nl
>> >
>> > They love us, don't they, They feed us, won't they ...
>> >
>> >
>> >
>> > -------------------------------------------------------
>> > SF email is sponsored by - The IT Product Guide
>> > Read honest & candid reviews on hundreds of IT Products from real
>> users.
>> > Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>> > --
>> > squirrelmail-users mailing list
>> > Posting Guidelines:
>> > http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: [email protected]
>> > List Archives:
>> > http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives:
>> http://sourceforge.net/mailarchive/forum.php?forum_id=2995
>> > List Info:
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >
>> !DSPAM:4263aa62257821559585103!
> --
> Nothing sucksseeds like a pigeon without a beak ...
>
> mail: [EMAIL PROTECTED]
> http://www.billy.demon.nl
>
> They love us, don't they, They feed us, won't they ...
>
>
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
--
squirrelmail-users mailing list
Posting Guidelines:
http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: [email protected]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
