From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 106881 invoked by alias); 5 Aug 2019 22:41:38 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 106874 invoked by uid 89); 5 Aug 2019 22:41:38 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=company X-HELO: smtp-out-no.shaw.ca Received: from smtp-out-no.shaw.ca (HELO smtp-out-no.shaw.ca) (64.59.134.9) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 05 Aug 2019 22:41:36 +0000 Received: from [192.168.1.114] ([24.64.172.44]) by shaw.ca with ESMTP id ulfZhWriwsAGkulfahg8T3; Mon, 05 Aug 2019 16:41:34 -0600 Reply-To: Brian.Inglis@SystematicSw.ab.ca Subject: Re: Openldap 2.4.48-1 vs my company's pki To: cygwin@cygwin.com References: <87ftmje5zb.fsf@Rainer.invalid> <874l2y4ulo.fsf@Rainer.invalid> <228DE7899A9CF9C913C8B1B8@192.168.1.39> From: Brian Inglis Openpgp: preference=signencrypt Message-ID: <38c09027-12a9-4b38-b28c-fb3683815928@SystematicSw.ab.ca> Date: Mon, 05 Aug 2019 22:41:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-08/txt/msg00062.txt.bz2 On 2019-08-05 14:06, David Goldberg wrote: > On Mon, Aug 5, 2019, 15:25 Quanah Gibson-Mount wrote: >> On Monday, August 05, 2019 9:22 AM -0400 David Goldberg wrote: >>> Sorry, was away from work over the weekend. I just tested with openssl >>> s_client and it works just fine. Version is 1.1.1. there is no self >>> signed certificate. It's signed with the company pki rather than >>> commercial and I've properly installed that chain. The problem send to be >>> with the new build, at least the weird ldd output leads me to that >>> conclusion. I'll try to find some time to build from source and see if it >> Do you mean you connected to the ldap server using OpenSSL s_client to >> confirm that works? If that works and the ldapsearch (or other ldap >> client) binary does not, then you likely have a global /etc/ldap.conf (or >> whereever this build looks for it) or a ~/.ldaprc file that defines the >> path or file to find the CA certificate that would need updating. > Correct, openssl s_client works, as does the older build of ldapsearch. I > can't find any .ldaprc nor ldap.conf files on my system. > Unfortunately I've only set up my system for end user purposes. Building > from source will be a challenge. Any guidance (a link is fine) on what > packages to install to set that up? And do I need to worry about the > .cygport and patch files in the source distribution or will configure pick > them up? Install the cygport package and all its dependencies, plus the openldap source package, plus any build dependency packages named in the openldap.cygport DEPEND="" list. Change to the directory containing openldap.cygport and type: $ cygport openldap.cygport download all test and deal with any missing lib*-devel packages or other issues arising during the build. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple