From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

Description of problem:
The sample ldap.conf file in /etc/ldap.conf has the entry:

#tls_cacertfile /etc/ssl/ca.cert

However, tls_cacertfile is not a valid option for ldap.conf

The correct entry should be:

tls_cacert /etc/ssl/ca.cert

This is also seen in other versions including RHEL 4 Beta 2.

Diego

Version-Release number of selected component (if applicable):
openldap-2.2.13-2

How reproducible:
Always

Steps to Reproduce:
1. Using the default tls_cacertfile /etc/ssl/ca.cert:

% grep -v ^# /etc/ldap.conf | uniq
base dc=ibb,dc=gatech,dc=edu
uri ldap://ldap.ibb.gatech.edu
ssl start_tls
tls_reqcert demand
tls_checkpeer yes
tls_cacertfile /etc/ssl/cacert.pem
tls_cacertdir /etc/ssl/certs

Now the query:

%ldapsearch -x -v -ZZ -h ldap.ibb.gatech.edu -b dc=ibb,dc=gatech,dc=edu 'uid=dr126'
ldap_initialize( ldap://ldap.ibb.gatech.edu )
ldap_start_tls: Connect error (-11)

2. Modifying ldap.conf with tls_cacert /etc/ssl/cacert.pem

% grep -v ^# /etc/ldap.conf | uniq
base dc=ibb,dc=gatech,dc=edu
uri ldap://ldap.ibb.gatech.edu
ssl start_tls
tls_reqcert demand
tls_checkpeer yes
tls_cacert /etc/ssl/cacert.pem
tls_cacertdir /etc/ssl/certs

Now the query:

%ldapsearch -x -v -ZZ -h ldap.ibb.gatech.edu -b dc=ibb,dc=gatech,dc=edu 'uid=dr126'
ldap_initialize( ldap://ldap.ibb.gatech.edu )
filter: uid=dr126
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <dc=ibb,dc=gatech,dc=edu> with scope sub
# filter: uid=dr126
# requesting: ALL
#

# dr126, People, ibb.gatech.edu
dn: uid=dr126,ou=People,dc=ibb,dc=gatech,dc=edu
uid: dr126
cn: Diego Julian Remolina
givenName: Diego Julian
sn: Remolina
mail: dr126.edu
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 500
homeDirectory: /home/dr126
gecos: Diego Julian Remolina

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Additional info:
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find. *** This bug has been marked as a duplicate of 146815 ***
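A check for the option-name mix-up described in the report, as an added example that is not part of the bug report or of OpenLDAP: it lists active and commented-out `tls_cacertfile` lines, shows which CA settings remain once those lines are discounted, and rewrites them to `tls_cacert`. The function names and the sample text are constructed for illustration, and the mapping from `tls_cacertfile` to `tls_cacert` is taken from the report as an assumption.

```python
import re

# Assumption taken from the report above: the OpenLDAP client acts on
# tls_cacert in ldap.conf and does not act on tls_cacertfile.
MISNAMED = {"tls_cacertfile": "tls_cacert"}
CA_KEYS = ("tls_cacert", "tls_cacertdir")

# Constructed sample: the report's failing configuration, preceded by the
# commented-out sample entry the report quotes.
SAMPLE = """\
#tls_cacertfile /etc/ssl/ca.cert
base dc=ibb,dc=gatech,dc=edu
uri ldap://ldap.ibb.gatech.edu
ssl start_tls
tls_reqcert demand
tls_checkpeer yes
tls_cacertfile /etc/ssl/cacert.pem
tls_cacertdir /etc/ssl/certs
"""

# Optional leading '#', then the option name, then the rest as the value.
LINE_RE = re.compile(r"^\s*(#?)\s*(\S+)(?:\s+(.*?))?\s*$")

def parse(text):
    """Yield (lineno, commented, key, value) for every non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if m:
            yield lineno, bool(m.group(1)), m.group(2).lower(), m.group(3) or ""

def misnamed_options(text):
    """Active or commented-out lines whose option name is listed in MISNAMED."""
    return [(n, c, k, MISNAMED[k], v) for n, c, k, v in parse(text) if k in MISNAMED]

def effective_ca_sources(text):
    """CA settings on active lines, counting only the names in CA_KEYS."""
    return {k: v for _, c, k, v in parse(text) if not c and k in CA_KEYS}

def corrected(text):
    """Rename misnamed options in place; every other line is left untouched."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m and m.group(2).lower() in MISNAMED:
            raw = raw[:m.start(2)] + MISNAMED[m.group(2).lower()] + raw[m.end(2):]
        out.append(raw)
    return "\n".join(out) + "\n"
```

On the sample, the only CA setting left after discounting `tls_cacertfile` is the `tls_cacertdir` line, which matches the configuration that failed with `ldap_start_tls: Connect error (-11)` under `tls_reqcert demand` in the report.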