Re: GQ to LDAP on FC1

From: Nigel Wade (nmw_at_ion.le.ac.uk)
Date: 04/19/04

    Date: Mon, 19 Apr 2004 16:47:36 +0100
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    Patrick Nelson wrote:
    > LDAP server running on FC1, gq clients running on RH9 and FC1.
    >
    > When I select Enable TLS in gq server setup on the RH9 clients my LDAP
    > searches work fine.
    >
    > When I do the same on the FC1 clients I get an error like:
    >
    > Couldn't enable TLS on the LDAP connection. Connection error
    > Additional error: error:14090086:SSL
    > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    >
    > All RH9 clients work fine, all FC1 clients fail. Anyone have any
    > guesses?
    >
    > I copied a non-working .gq config file from FC1 to a RH9 user's dir and
    > ran gq and then ran a search and the search worked. I feel like maybe
    > FC1 is missing something, but I cannot figure out what.
    >
    >

    I don't know anything about gq, but if it uses openldap then that has
    changed in version 2.1 (which is what FC1 ships with) such that the default
    action is to verify the server CA chain. If your server cert. isn't signed
    by a trusted CA then this verify will fail with the above error.

    You can change the default action for openldap in /etc/ldap.conf by adding
    the line:

    tls_reqcert allow

    HTH

    -- 
    Nigel Wade, System Administrator, Space Plasma Physics Group,
                 University of Leicester, Leicester, LE1 7RH, UK
    E-mail :    nmw@ion.le.ac.uk
    Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
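
Added example, not part of the message above and not OpenLDAP's own code: a shell audit that flags client configs where `tls_reqcert` is set to `never` or `allow`, the levels at which a failed server-certificate check does not stop the connection, beside a config that keeps verification on and trusts the signing CA through `TLS_CACERT`. The sample configs and the CA path are constructed for illustration; the option names and levels are those documented in ldap.conf(5).

```shell
#!/bin/sh
# Audit an OpenLDAP client config for its TLS_REQCERT level.
# Levels per ldap.conf(5): never, allow, try, demand (alias hard).

# Print every TLS_REQCERT level set in file $1, one per line, lowercased.
# Option names are case-insensitive; commented-out lines do not match
# because their first field starts with '#'.
reqcert_levels() {
    awk 'tolower($1) == "tls_reqcert" { print tolower($2) }' "$1"
}

# Return 0 if a bad server certificate would abort the session,
# 1 if any setting ("never" or "allow") lets the session proceed anyway.
# A file with no TLS_REQCERT line keeps the default, which verifies.
reqcert_enforced() {
    for level in $(reqcert_levels "$1"); do
        case "$level" in
            never|allow) return 1 ;;
        esac
    done
    return 0
}

# Constructed sample configs; the CA file path is hypothetical.
write_samples() {
    dir=$1
    printf '%s\n' '# workaround: accept the server cert unverified' \
        'tls_reqcert allow' > "$dir/weak.conf"
    printf '%s\n' '# trust the CA that signed the LDAP server cert' \
        'TLS_CACERT /etc/openldap/cacerts/site-ca.pem' \
        'TLS_REQCERT demand' > "$dir/strict.conf"
}

audit() {
    if reqcert_enforced "$1"; then
        echo "$1: server certificate is verified"
    else
        echo "$1: verification bypassed, connection is open to interception"
    fi
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit "$tmp/weak.conf"
audit "$tmp/strict.conf"
rm -rf "$tmp"
```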
    
