[sudo-users] odd problems with ldap + ssl
Russell Van Tassell
russell+sudo-users at loosenut.com
Tue Nov 22 20:18:05 EST 2005
On Tue, Nov 22, 2005 at 03:18:08PM -0800, Jeff wrote:
>
>
> > > URI ldaps://barium
> >
> > ...you might want to fully qualify the URI. Some resolvers
> > can be a bit of a pain with their search path or whatever...
> > it would also be helpful to note if you have any other LDAP
> > clients working on the same machine.
>
> In my real config file it is fully resolved.
>
> Note that I forgot to mention that if I set my LDAP server
> to allow non-encrypted connections and change the above URI
> to:
>
> ldap://barium
>
> it works!

Sounds like it might be an SSL problem, perhaps as simple as not having
the trust relationship with your CA (for the self-signed certificate);
basically the equivalent of always needing the intermediary cert for any
of the "well-known" certificate authorities (e.g. Verisign). You might
try establishing an SSL connection to it to see if there are any obvious
errors. Something like:

    openssl s_client -connect your.machine.domain.tld:636 -crlf

Of course, compare that with a "known working" one, if you can...

Russell
--
Russell M. Van Tassell
russell at loosenut.com
"If you don't have a PhD in rocket science, then you probably won't
understand this.."
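
Added example, not part of the original post: an offline reproduction of the trust failure suggested above, in which a server certificate verifies only when the client trusts the CA that signed it. The CA names, the host name barium.example.test and all certificates are constructed for this sketch.

```shell
#!/bin/sh
# Added example: all names and certificates below are constructed.

# make_ca DIR NAME: create a throwaway self-signed CA (NAME.key / NAME.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2 (constructed test CA)" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA HOST: issue a server certificate for HOST signed by CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" 2>/dev/null
}

# trusted_by CA_BUNDLE CERT: succeed only if CERT chains to CA_BUNDLE.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" site-ca        # the CA that signed the LDAP server's cert
    make_ca "$d" other-ca       # stands in for a client trust store lacking it
    issue_cert "$d" site-ca barium.example.test
    for ca in site-ca other-ca; do
        if trusted_by "$d/$ca.pem" "$d/barium.example.test.pem"; then
            echo "client trusting $ca: verification OK"
        else
            echo "client trusting $ca: verification FAILED"
        fi
    done
    rm -rf "$d"
}

demo
```

Against a live server, the same check is the s_client command from the message with -CAfile pointing at the CA certificate; the "Verify return code" line in its output then shows whether the chain was accepted.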