Strange issue with self signed certificate in ldap

by Jeronimo Zucco

   Hi. I have an openldap server with a self-signed certificate.

   For ldapsearch on the command line and replication with ldap slaves the
certificate is working OK, without any problem:

slapd[4292]: conn=347190 fd=164 ACCEPT from IP=200.233.31.180:32807 (IP=0.0.0.0:636)
slapd[4292]: conn=347190 fd=164 TLS established tls_ssf=256 ssf=256


   But if I try to use it with some application, like freeradius for
example, I always get this error:

slapd[4292]: conn=346888 fd=93 closed (TLS negotiation failure)


   I have the same issue with pam to auth users against openldap.
Without the certificate, pam and freeradius are working fine.

   I don't know how to make it work, and I've tried to change all the
TLS parameters in ldap.conf. But it is working with ldapsearch!!!
Why is it not working for other applications?

   I have in my ldap.conf:

TLS_CERT      /etc/openldap/mycert.pem
TLS_CACERT    /etc/openldap/cacert.pem

   All users can read these files. I'm using a wildcard certificate
(*.domain.com).

   Thanks for any help.

--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
Universidade de Caxias do Sul - NPDU

http://jczucco.blogspot.com
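Two offline checks a practitioner would run against the two files named in this ldap.conf before comparing application-side TLS settings, added here as an example and not part of the original post: does mycert.pem actually chain to cacert.pem, and which hostnames does a wildcard name cover under the matching rules OpenSSL applies. The CA, server certificate and hostnames below are constructed test data standing in for the real files.

```sh
#!/bin/sh
# Added example, not from the original post: offline checks for the files
# named in ldap.conf. Verifies that the server certificate chains to the CA
# file and that the wildcard covers the hostname a client connects to, using
# the same matching rules OpenSSL applies during the TLS handshake.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-ins for /etc/openldap/cacert.pem and /etc/openldap/mycert.pem,
# plus an unrelated CA to show what a wrong TLS_CACERT looks like.
make_test_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test LDAP CA" \
    -keyout "$WORK/ca.key" -out "$WORK/cacert.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$WORK/other.key" -out "$WORK/other-ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:*.example.test\n' > "$WORK/san.cnf"
  openssl x509 -req -days 1 -in "$WORK/server.csr" -CA "$WORK/cacert.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -extfile "$WORK/san.cnf" \
    -out "$WORK/mycert.pem" 2>/dev/null
}

# check_chain CACERT CERT: succeeds only if CERT is signed by a CA in CACERT
check_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_hostname CERT HOST: succeeds only if HOST matches the SAN (CN as fallback)
check_hostname() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q " does match"
}

make_test_certs
if check_chain "$WORK/cacert.pem" "$WORK/mycert.pem"; then
  echo "chain: mycert.pem verifies against cacert.pem"
fi
if ! check_chain "$WORK/other-ca.pem" "$WORK/mycert.pem"; then
  echo "chain: mycert.pem does NOT verify against other-ca.pem (wrong TLS_CACERT)"
fi
# A wildcard covers exactly one label: the bare domain and deeper names fail.
for host in ldap.example.test example.test radius.auth.example.test; do
  if check_hostname "$WORK/mycert.pem" "$host"; then
    echo "hostname: $host matches *.example.test"
  else
    echo "hostname: $host does NOT match *.example.test"
  fi
done
```

Point the two functions at the real cacert.pem and mycert.pem and at the exact hostname each application's configuration uses for the LDAP server.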