Re: Integrating another distro into SkoleLinux Network (Ubuntu)
Sergi Tur/SGA/UPC:
>
>
> Ok. Maybe I found the problem
>
> I tried to execute
>
> /usr/bin/ldapsearch -Z -LLL -h ldap -b
> ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no -x
>
> on a SkoleLinux workstation and on Ubuntu. On Ubuntu it gives me the error:
>
> /usr/bin/ldapsearch -Z -LLL -h ldap -b
> ou=auto.master,ou=Automount,dc=skole,dc=skolelinux,dc=no -x
> ldap_start_tls: Connect error (91)
> additional info: Error in the certificate.
> ldap_bind: Local error (82)
> additional info: Error in the certificate.
>
> Then it is an error with the connection through SSL. The LDAP client doesn't
> have the server's certificate or something similar.
>
> Any idea?

If I remember correctly, it's using self-signed certificates. Try cut'n'paste
this into a terminal as root:

    echo "TLS_REQCERT allow" >> /etc/ldap.conf

This will enable your client to work with LDAP servers using self-signed
certificates.

Another thing. The commonName in the server certificate is maybe
ldap.intern and not just ldap - so contacting the server by hostname
'ldap.intern' might also solve your problem - since you always should contact
the SSL-/TLS-enabled server by the (set of) commonName(s) it uses.

You can check any SSL certificate service by using the utils in OpenSSL.
E.g.:

    openssl s_client -showcerts -connect <hostname>:<port>

which would print out all certificates in the certificate chain that the
remote service holds. The s_client command has other nice options you can
play with as well.

--
Regards
Bjorn Ove Grotan
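
Added example, not part of the original message: a shell check of which host names a server certificate is valid for, which is the 'ldap' versus 'ldap.intern' question raised in the reply. The certificate is constructed locally with commonName ldap.intern (an assumption taken from the reply's guess), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: check which host names a server certificate is valid for.

# make_demo_cert DIR CN: write a constructed self-signed certificate
# (a stand-in for the LDAP server's certificate) to DIR/server.pem.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.pem" \
        >/dev/null 2>&1
}

# cert_matches_host PEMFILE HOSTNAME: succeed only if the certificate is
# valid for HOSTNAME. openssl compares against subjectAltName DNS entries
# and falls back to the subject commonName when there are none.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q "does match certificate"
}

# fetch_ldap_cert HOST PORT OUTFILE: save the certificate a live server
# presents after StartTLS (needs OpenSSL 1.1.1+ for "-starttls ldap").
fetch_ldap_cert() {
    openssl s_client -connect "$1:$2" -starttls ldap -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -out "$3"
}

# report PEMFILE NAME...: print one verdict line per candidate name.
report() {
    pem=$1; shift
    for name in "$@"; do
        if cert_matches_host "$pem" "$name"; then
            echo "$name: matches certificate"
        else
            echo "$name: does NOT match certificate"
        fi
    done
}

# Demo on the constructed certificate: only 'ldap.intern' should match.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" ldap.intern
openssl x509 -in "$demo_dir/server.pem" -noout -subject
report "$demo_dir/server.pem" ldap ldap.intern
```

Against a live server, save its certificate with fetch_ldap_cert and pass that file to report. If the only problem is the name, using the matching host name and pointing TLS_CACERT in ldap.conf at the server's certificate lets the client keep verifying it.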