The reasoning behind that is given by the man page: What if TLS_CACERT is set incorrectly and TLS_REQCERT is set to "never"? From my point of view, ldapsearch should return results and exit successfully.

No errors, ldapsearch returns requested data.

Additional info: Discussed with "Richard Megginson" on IRC; as Rich suggested, I tried removing the option TLS_CACERTDIR from the /etc/openldap/nf file and fixed the issue.

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
TLS: error: could not initialize moznss security context - error -5939:No more entries in the directory
TLS: could perform TLS system initialization.
TLS: could not initialize moznss using security dir /etc/openldap/cacerts prefix - error -8174.
TLS: did not find any valid CA certificates in /etc/openldap/cacerts

Ldapsearch fails with the following error.

# LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://hostname:port -s base -b ""

Make sure the /etc/openldap/cacerts directory is empty.

Upgrade openldap to openldap-2.4.23-15.el6

Version-Release number of selected component: openldap-2.4.86_64

With the option "LDAPTLS_REQCERT never" the same command works well in the previous version(s) of openldap (openldap-2.4.19-15.el6_0.2 or older).

With the latest openldap (RHEL6.1), ldapsearch or similar tools fail to contact the LDAP server if there are no certificates in the /etc/openldap/cacerts directory.