From: Quanah Gibson-Mount (no email)
Date: Wed Feb 25 2009 - 13:20:14 EST
--On Wednesday, February 25, 2009 11:59 AM -0600 Nick Geron
<> wrote:
> Just curious if anyone looked over my last email (with replies to
> Victor's questions). I forgot to add a few answers. I'm running postfix
> 2.5.6, openldap 2.3.43 (libraries on postfix server) and openssl 0.9.8g.
> On the ldap server I'm running openDS 1.2.
>
> Also, I turned up debugging in the map config file and found it is
> definitely a verification problem due to proxymap (via calls from
> libldap.so ?) not reading in the local copy of the 'ca'.
>
> Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
> trace: SSL_connect:SSLv3 read server hello A
> Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
> certificate verification: depth: 0, err: 18, subject:
> /emailAddress=/CN=ldap13.example.com/OU=IDC/O=Example
> Co/ST=Texas/C=US,
> Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: issuer:
> /emailAddress=/CN=ldap13.example.com/OU=IDC/O=Example
> Co/ST=Texas/C=US
> Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
> certificate verification: Error, self signed certificate
I think this is fairly clear -- It doesn't see that the cert you've
provided has a valid CA.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
|
|
|