Openldap 2.4.48-1 vs my company's pki
Quanah Gibson-Mount
quanah@symas.com
Fri Aug 2 17:28:00 GMT 2019
--On Friday, August 02, 2019 12:45 PM -0400 David Goldberg
<dsg18096@gmail.com> wrote:
> I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> ldapsearch will not connect, complaining that the server provided
> certificate is self signed. I have set up /etc/pki with my company's
> certificate chain and that allows 2.4.42-1 (and earlier) and other
> applications to properly authenticate local services. What has changed in
> 2.4.48-1 that causes this to not work and how can I fix it. I've
> downgraded for now; that is not a good long term solution of course.
What SSL library is being used for each of the two builds (I.e., gnutls?
openssl? moznss?) What SSL library version did 2.4.42 link to? What SSL
library version does 2.4.48 link to? Generally OpenLDAP should be linked
to OpenSSL which uses PEM formatted certificates. Also check whether you
have a global ldap.conf file (usually something like
/etc/openldap/ldap.conf or /etc/ldap.conf, etc, depending on how OpenLDAP
was built) that defines where to find the CA Cert(s), or a ~user/.ldaprc,
etc. OpenLDAP client utilities generally by default do not search for a
global list of CA certificates.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list