I am having trouble getting TLS to work with openldap-server.
Code:
root@ldap:~ # pkg info | grep ldap
openldap-client-2.4.57 Open source LDAP client implementation
openldap-server-2.4.57 Open source LDAP server implementation
root@ldap:~ # uname -a
FreeBSD ldap.example.org 12.2-RELEASE-p3 FreeBSD 12.2-RELEASE-p3 GENERIC amd64
I followed the guide in the FreeBSD handbook:
Handbook guide
It seems that everything is working properly except for the TLS part.
Here is a working example from a remote host on the LAN:
Code:
vic@bleague:~
▶ ldapwhoami -H ldap://192.168.1.3 -x
anonymous
Here is a non-working example from the same LAN host:
Code:
vic@bleague:~
▶ ldapwhoami -H ldap://192.168.1.3 -x -ZZ -D "uid=vic,ou=users,dc=example,dc=org" -W
ldap_start_tls: Connect error (-11)
additional info: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)
I have defined the path to the certificates:
Code:
# Define global ACLs to disable default read access.
#
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcTLSCertificateFile: /usr/local/etc/openldap/server.crt
olcTLSCertificateKeyFile: /usr/local/etc/openldap/private/server.key
olcTLSCACertificateFile: /usr/local/etc/openldap/ca.crt
#olcTLSCipherSuite: HIGH
olcTLSProtocolMin: 3.1
olcTLSVerifyClient: never
Any help would be greatly appreciated.
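Added example, not from the original post: the error above is the client rejecting a server certificate whose chain ends in a CA it does not trust. This script builds a throwaway CA and a server certificate signed by it (constructed test data), then runs the same kind of chain verification a client does, once without and once with the CA certificate. On the client side the equivalent fix is a TLS_CACERT line in ldap.conf pointing at a copy of the server's ca.crt (path assumed).

```shell
#!/bin/sh
# Reproduce "self signed certificate in certificate chain" offline, then
# show that supplying the CA cert is what makes verification succeed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test data: a self-signed CA and a server cert it signs.
make_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.org" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -days 2 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" 2>/dev/null
}

# Client without the CA: only the system trust store is consulted, so the
# chain ends in an unknown self-signed cert and verification fails.
verify_without_ca() {
  openssl verify "$WORK/server.crt" >/dev/null 2>&1 && echo ok || echo fail
}

# Client with the CA (what TLS_CACERT in ldap.conf provides): succeeds.
verify_with_ca() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" \
    >/dev/null 2>&1 && echo ok || echo fail
}

make_certs
echo "without CA: $(verify_without_ca)"   # fail
echo "with CA:    $(verify_with_ca)"      # ok
# Equivalent client fix (assumed path): in /usr/local/etc/openldap/ldap.conf
#   TLS_CACERT /usr/local/etc/openldap/ca.crt
```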