This is the mail archive of the
mailing list for the Cygwin project.
Re: Openldap 2.4.48-1 vs my company's pki
- From: Quanah Gibson-Mount <quanah at symas dot com>
- To: David Goldberg <dsg18096 at gmail dot com>, cygwin at cygwin dot com
- Date: Fri, 02 Aug 2019 10:28:08 -0700
- Subject: Re: Openldap 2.4.48-1 vs my company's pki
- References: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg@mail.gmail.com>
- Reply-to: Quanah Gibson-Mount <quanah at symas dot com>
--On Friday, August 02, 2019 12:45 PM -0400 David Goldberg
> I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> ldapsearch will not connect, complaining that the server provided
> certificate is self signed. I have set up /etc/pki with my company's
> certificate chain and that allows 2.4.42-1 (and earlier) and other
> applications to properly authenticate local services. What has changed in
> 2.4.48-1 that causes this to not work and how can I fix it? I've
> downgraded for now; that is not a good long term solution of course.

What SSL library is being used for each of the two builds (i.e., gnutls?
openssl? moznss?) What SSL library version did 2.4.42 link to? What SSL
library version does 2.4.48 link to? Generally OpenLDAP should be linked
to OpenSSL which uses PEM formatted certificates. Also check whether you
have a global ldap.conf file (usually something like
/etc/openldap/ldap.conf or /etc/ldap.conf, etc., depending on how OpenLDAP
was built) that defines where to find the CA Cert(s), or a ~user/.ldaprc,
etc. OpenLDAP client utilities generally by default do not search for a
global list of CA certificates.
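The checks the reply asks for, as an added shell example that is not part of the original thread: which TLS library the client links to, where ldap.conf or .ldaprc points for CA certificates, and whether that file is PEM. The function names, the library-name substrings and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs used to test it are constructed.

# Name the TLS backend(s) found in a linked-library listing read from stdin
# (e.g. `ldd` output). The DLL/soname substrings are assumptions about naming.
tls_backend() {
    libs=$(cat); found=
    case "$libs" in *gnutls*) found="$found gnutls" ;; esac
    case "$libs" in *libssl*|*cygssl*) found="$found openssl" ;; esac
    case "$libs" in *nss3*) found="$found moznss" ;; esac
    echo ${found:-unknown}   # unquoted on purpose: trims the leading space
}

# Print "file: OPTION value" for every CA-location directive in the given
# ldap.conf / .ldaprc files; unreadable or missing files are skipped.
ca_settings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" 'toupper($1) == "TLS_CACERT" || toupper($1) == "TLS_CACERTDIR" {
            print f ": " toupper($1) " " $2 }' "$f"
    done
}

# OpenSSL-linked clients expect PEM; succeed only if the file has a PEM header.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Hypothetical wrapper: run all three checks against the installed ldapsearch.
diagnose() {
    bin=$(command -v ldapsearch) || { echo "ldapsearch not found" >&2; return 1; }
    echo "TLS backend: $(ldd "$bin" | tls_backend)"
    ldd "$bin" | grep -i -e ssl -e gnutls -e nss3   # shows the exact library versions
    ca_settings "${LDAPCONF:-/etc/openldap/ldap.conf}" /etc/ldap.conf "$HOME/.ldaprc" |
    while IFS= read -r line; do
        path=${line##* }
        if [ -f "$path" ] && ! is_pem_cert "$path"; then line="$line (not PEM)"; fi
        echo "$line"
    done
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Running it with `--run` under both the 2.4.42-1 and 2.4.48-1 packages gives the two library listings to compare; an empty `ca_settings` result means the client has no CA location configured.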