From: David Goldberg <dsg18096@gmail.com>
To: cygwin@cygwin.com
Subject: Re: Openldap 2.4.48-1 vs my company's pki
Date: Mon, 05 Aug 2019 12:22:00 -0000 [thread overview]
Message-ID: <CAN9EdkYG1aFnaMAPM3jg=0psRoiS1rF7Hze618UYj1mHByjKbg@mail.gmail.com> (raw)
In-Reply-To: <874l2y4ulo.fsf@Rainer.invalid>
Sorry, was away from work over the weekend. I just tested with openssl
s_client and it works just fine. Version is 1.1.1. there is no self
signed certificate. It's signed with the company pki rather than commercial
and I've properly installed that chain. The problem send to be with the new
build, at least the weird ldd output leads me to that conclusion. I'll try
to find some time to build from source and see if it works.
Thanks
On Sat, Aug 3, 2019, 02:43 Achim Gratz <Stromeko@nexgo.de> wrote:
> David Goldberg writes:
> > Thanks but unfortunately even after don't that I still get the complaint
> > that they're is a self signed certificate in the chain. We do indeed run
> > our own CA but it seems like that should not really be a problem.
>
> Wait, are you saying you do run a private CA, but the LDAP server cert
> is not certified through it? Running
>
> openssl s_client -connect ldap:9010
>
> shows the certificate chain as seen by openssl and would tell you if
> you've registered the right cert to trust. You can compare this to what
> ldapsearch outputs when run with a sufficiently high debuglevel to see
> if there's some obvious mismatch that would indicate a configuration
> error somewhere. As a last resort you can run
>
> env LDAP_REQCERT=never ldapsearch ...
>
> to skip the certificate check and see if that at least works. But you
> said it worked before, so that might not be the problem here...
>
> So let me guess that you need to point your ldap.conf to
> /etc/pki/... instead of /etc/ssl/... (which was the earlier default).
>
> Also, please read the update announcement about the state of the server
> components (if you use them).
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>
> Wavetables for the Terratec KOMPLEXER:
> http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2019-08-05 12:22 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-02 15:45 David Goldberg
2019-08-02 17:28 ` Quanah Gibson-Mount
2019-08-02 19:13 ` Achim Gratz
2019-08-02 20:08 ` David Goldberg
2019-08-03 6:43 ` Achim Gratz
2019-08-05 12:22 ` David Goldberg [this message]
2019-08-05 19:25 ` Quanah Gibson-Mount
2019-08-05 19:39 ` Achim Gratz
[not found] ` <228DE7899A9CF9C913C8B1B8@192.168.1.39>
2019-08-05 20:06 ` David Goldberg
2019-08-05 20:31 ` Quanah Gibson-Mount
2019-08-05 22:41 ` Brian Inglis
2019-08-06 15:23 ` David Goldberg
2019-08-06 16:44 ` Achim Gratz
2019-08-06 19:17 ` David Goldberg
2019-08-06 21:20 ` David Goldberg
2019-08-07 18:35 ` Achim Gratz
[not found] ` <F9D491FCA6B56B38D0C0B1D6@192.168.1.39>
2019-08-03 2:42 ` David Goldberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAN9EdkYG1aFnaMAPM3jg=0psRoiS1rF7Hze618UYj1mHByjKbg@mail.gmail.com' \
--to=dsg18096@gmail.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).