Re: GQ to LDAP on FC1
From: Nigel Wade (nmw_at_ion.le.ac.uk)
Date: Mon, 19 Apr 2004 16:47:36 +0100 To: For users of Fedora Core releases <firstname.lastname@example.org>
Patrick Nelson wrote:
> LDAP server running on FC1, gq clients running on RH9 and FC1.
> When I select Enable TLS in gq server setup on the RH9 clients my LDAP
> searches work fine.
> When I do the same on the FC1 clients I get an error like:
> Couldn't enable TLS on the LDAP connection. Connection error
> Additional error: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICAL:certificate verify failed
> All RH9 clients work fine, all FC1 clients fail. Anyone have any
> I copied a non-working .gq config file from FC1 to a RH9 users dir and
> ran gq and then ran a search and the search worked. I feel like maybe
> FC1 is missing something, but I can not figure out what.
I don't know anything about gq, but if it uses openldap then that has
changed in version 2.1 (which is what FC1 ships with) such that the default
action is to verify the server CA chain. If your server cert. isn't signed
by a trusted CA then this verify will fail with the above error.
You can change the default action for openldap in /etc/ldap.conf by adding
-- Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK E-mail : email@example.com Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555 -- fedora-list mailing list firstname.lastname@example.org To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list