From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29454 invoked by alias); 6 Aug 2019 21:20:52 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 29447 invoked by uid 89); 6 Aug 2019 21:20:51 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.1 spammy=gratz, Gratz, H*c:alternative, cygwincom X-HELO: mail-qt1-f177.google.com Received: from mail-qt1-f177.google.com (HELO mail-qt1-f177.google.com) (209.85.160.177) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 06 Aug 2019 21:20:49 +0000 Received: by mail-qt1-f177.google.com with SMTP id r6so81918162qtt.0 for ; Tue, 06 Aug 2019 14:20:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=BXXMfwh+BzYEeS4pyGUr9fdZLQTJL5SOQHcnqXU89Mg=; b=OAbXoLr6Ed4KoTqHaQhEbpa2gvruPflFg17JMz4pNG5SczGnn/7TCSE4ZBgLCpvi94 gXWyxDYeEwmQbIbreQTOUltLrHXa1Hlqyz20qYESHjF9WQaqJqa4+TU1/9s9MpOe75ED 3Nn5B/fb/bWajehoES4H0TITY/Oygeq8Ux1AVQbIiI77H2opsxLDayk6zpDvNbGTA6Dg Ytc6zHS7H6qzpEekdGE8P8q2T1e6dLXyGrsG1hkAGv3zEfsEU05W/J8h9NVeYBFTDBXV JzCQk7ssCIfnffcRKt7LlDd1xvIbCnx9hJX2mV9eb0kQaeauBsq7O1d9hLWP5SK3ige9 w8KQ== MIME-Version: 1.0 References: <87ftmje5zb.fsf@Rainer.invalid> <874l2y4ulo.fsf@Rainer.invalid> <228DE7899A9CF9C913C8B1B8@192.168.1.39> <874l2ufdlo.fsf@Rainer.invalid> In-Reply-To: From: David Goldberg Date: Tue, 06 Aug 2019 21:20:00 -0000 Message-ID: Subject: Re: Openldap 2.4.48-1 vs my company's pki To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2019-08/txt/msg00090.txt.bz2 I found the problem. I guess there's a number of locations where .ldaprc can be found. I have an old backup of a Linux home directory under my cygwin home and that contained a .ldaprc with a TLS_CACERTDIR setting that makes no sense on my windows box. I removed it and also the ldap.conf I just created and ldapsearch worked as expected. I can't understand why 2.4.42 ignored that file while 2.4.48 tried to use it but it seems local to my oddball situation and not a broader issue. Thanks again for all the help and advice. On Tue, Aug 6, 2019, 15:17 David Goldberg wrote: > Thank you, Achim! I should have thought of that myself. Indeed adding an > appropriate TLS_CACERT to ldap.conf has solved the problem and 2.4.48 > ldapsearch is working now. > > On Tue, Aug 6, 2019, 12:44 Achim Gratz wrote: > >> David Goldberg writes: >> > Correct, openssl s_client works, as does the older build of >> ldapsearch. I >> > can't find any .ldaprc nor ldap.conf files on my system. >> >> Then work the other way around and create a configuration file that >> points to the PKI. It's entirely possible that the compiled-in default >> (if there even is one) is not correct. If so I'll have to figure out >> how to change that, but until then it would be useful to know if things >> start working when the config is pointing to the existing PKI (which, as >> you tested can be used correctly by openssl). >> >> >> Regards, >> Achim. >> -- >> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ >> >> SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: >> http://Synth.Stromeko.net/Downloads.html#WaldorfSDada >> >> -- >> Problem reports: http://cygwin.com/problems.html >> FAQ: http://cygwin.com/faq/ >> Documentation: http://cygwin.com/docs.html >> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >> >> -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple