Openldap 2.4.48-1 vs my company's pki

David Goldberg dsg18096@gmail.com
Fri Aug 2 20:08:00 GMT 2019


Thanks but unfortunately even after don't that I still get the complaint
that they're is a self signed certificate in the chain. We do indeed run
our own CA but it seems like that should not really be a problem.

On Fri, Aug 2, 2019, 15:13 Achim Gratz <Stromeko@nexgo.de> wrote:

> David Goldberg writes:
> > I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> > ldapsearch will not connect, complaining that the server provided
> > certificate is self signed. I have set up /etc/pki with my company's
> > certificate chain and that allows 2.4.42-1 (and earlier) and other
> > applications to properly authenticate local services.
>
> The PKI layout was slightly changed a while ago and the newer openssl
> library used by the fresh openldap build may not pick up on the old
> locations anymore.  What you should do is place the certificates into
> the /etc/pki/ca-trust/source/anchors/ directory, then run
>
> # update-ca-trust extract
>
> which should correctly populate the directories that the libaries and
> applications use.
>
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>
> Wavetables for the Terratec KOMPLEXER:
> http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
>
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>
>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list