Ubuntu OpenLDAP self-signed cert woes
So I have my OpenLDAP server working perfectly without TLS. Running Ubuntu 12.04.4 and OpenLDAP 2.4. I have built my own CA and created a cert for the server as well. After adding my certs with the proper LDIF file, it still will not trust them.
I ran

    ldapsearch -x -H ldap://Domain.Name/ -ZZ -d -1

and it spat this out, making me think it's a trust issue:

    TLS: peer cert untrusted or revoked (0x42)
    TLS: can't connect: (unknown error code).
    ldap_err2string
    ldap_start_tls: Connect error (-11)
        additional info: (unknown error code)

I googled my head off trying to find a solution, but all of the guides say to edit the server's ldap.conf file, which doesn't exist on my server. I literally tried "locate ldap.conf" and got nothing. I've also tried importing my CA cert into Ubuntu's root cert store, which didn't work. Anybody got any ideas?
Turns out I needed to just manually create the /etc/ldap/ldap.conf file and put this in it:

    TLS_CACERT /etc/ldap/ssl/ca.crt
    TLS_REQCERT demand

After that, my queries now work. It still fails for other applications like ownCloud and Squid.
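The answer above fixes a trust problem, not a cipher or handshake problem: a private CA is unknown to the client's default store, so with TLS_REQCERT demand the client refuses the server cert until TLS_CACERT points at that CA. The script below is an added example, not code from the thread; it builds a throwaway CA and server cert with the openssl CLI (the CA name and the host ldap.example.com are placeholders), shows the verification failing against the default store and succeeding against the private CA, and prints the two ldap.conf lines for a CA path given as an argument.

```shell
#!/bin/sh
# Added example (not from the original thread). Reproduces the "peer cert
# untrusted" condition offline and shows why TLS_CACERT fixes it.
# Assumes: the openssl command-line tool; ldap.example.com and the CA name
# are placeholders; all key material is generated into a temp dir and deleted.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_pki: constructed test PKI. A self-signed private CA and a server cert
# signed by that CA, exactly the shape of the setup described in the question.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 825 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" >/dev/null 2>&1
}

# verify_with_system_store: what the LDAP client effectively does when
# ldap.conf has no TLS_CACERT line. Prints OK or UNTRUSTED.
verify_with_system_store() {
  if openssl verify "$WORK/server.crt" >/dev/null 2>&1; then
    echo OK
  else
    echo UNTRUSTED
  fi
}

# verify_with_ca: what "TLS_CACERT /path/to/ca.crt" makes the client do.
verify_with_ca() {
  if openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1; then
    echo OK
  else
    echo UNTRUSTED
  fi
}

# ldap_conf: the two lines the answer adds to /etc/ldap/ldap.conf.
# TLS_REQCERT demand keeps the client failing closed on an untrusted chain;
# the fix is to supply the CA, not to weaken this to "allow" or "never".
ldap_conf() {
  printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

make_pki
echo "default store : $(verify_with_system_store)"
echo "private CA    : $(verify_with_ca)"
ldap_conf /etc/ldap/ssl/ca.crt
```

Run it as-is to see UNTRUSTED followed by OK. Note that `openssl verify` here only checks the chain, not the hostname; the LDAP client additionally matches the server name against the certificate, so the cert's CN or subjectAltName must equal the host in the `ldap://` URI you connect to.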
Turns out this fixed all my issues.