This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Openldap 2.4.48-1 vs my company's pki

--On Friday, August 02, 2019 12:45 PM -0400 David Goldberg <> wrote:

I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
ldapsearch will not connect, complaining that the server provided
certificate is self signed. I have set up /etc/pki with my company's
certificate chain and that allows 2.4.42-1 (and earlier) and other
applications to properly authenticate local services. What has changed in
2.4.48-1 that causes this to not work and how can I fix it. I've
downgraded for now; that is not a good long term solution of course.

What SSL library is being used for each of the two builds (I.e., gnutls? openssl? moznss?) What SSL library version did 2.4.42 link to? What SSL library version does 2.4.48 link to? Generally OpenLDAP should be linked to OpenSSL which uses PEM formatted certificates. Also check whether you have a global ldap.conf file (usually something like /etc/openldap/ldap.conf or /etc/ldap.conf, etc, depending on how OpenLDAP was built) that defines where to find the CA Cert(s), or a ~user/.ldaprc, etc. OpenLDAP client utilities generally by default do not search for a global list of CA certificates.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]