Re: Problem with ldap table lookups and TLS

From: Quanah Gibson-Mount (no email)
Date: Wed Feb 25 2009 - 13:20:14 EST

  • Next message: Victor Duchovni: "Re: Problem with ldap table lookups and TLS"

    --On Wednesday, February 25, 2009 11:59 AM -0600 Nick Geron
    <> wrote:

    > Just curious if anyone looked over my last email (with replies to
    > Victor's questions). I forgot to add a few answers. I'm running postfix
    > 2.5.6, openldap 2.3.43 (libraries on postfix server) and openssl 0.9.8g.
    > On the ldap server I'm running openDS 1.2.
    >
    > Also, I turned up debugging in the map config file and found it is
    > definitely a verification problem due to proxymap (via calls from
    > libldap.so ?) not reading in the local copy of the 'ca'.
    >
    > Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
    > trace: SSL_connect:SSLv3 read server hello A
    > Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
    > certificate verification: depth: 0, err: 18, subject:
    > /emailAddress=/CN=ldap13.example.com/OU=IDC/O=Example
    > Co/ST=Texas/C=US,
    > Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: issuer:
    > /emailAddress=/CN=ldap13.example.com/OU=IDC/O=Example
    > Co/ST=Texas/C=US
    > Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
    > certificate verification: Error, self signed certificate

    I think this is fairly clear -- It doesn't see that the cert you've
    provided has a valid CA.

    --Quanah

    --
    Quanah Gibson-Mount
    Principal Software Engineer
    Zimbra, Inc
    --------------------
    Zimbra ::  the leader in open source messaging and collaboration
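
Added example (not part of the original post and not Postfix code): a small Python triage script over log lines shaped like the ones quoted above. It pairs each `TLS certificate verification` entry with the `issuer:` line from the same process and reports the OpenSSL verify error, which for err 18 at depth 0 means the server presented a self-signed certificate the client does not trust. The sample lines are constructed and unwrapped, and the function and field names are assumptions.

```python
import re

# Constructed sample: syslog lines shaped like the quoted proxymap output, unwrapped.
SAMPLE_LOG = """\
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS trace: SSL_connect:SSLv3 read server hello A
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS certificate verification: depth: 0, err: 18, subject: /CN=ldap13.example.com/OU=IDC/O=Example Co/ST=Texas/C=US,
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: issuer: /CN=ldap13.example.com/OU=IDC/O=Example Co/ST=Texas/C=US
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS certificate verification: Error, self signed certificate
"""

# Meanings of a few OpenSSL verify result codes (X509_V_ERR_*).
X509_ERRORS = {
    10: "certificate has expired",
    18: "self-signed leaf certificate, not in the client's trusted CA set",
    19: "self-signed certificate in chain, root not trusted",
    20: "unable to get local issuer certificate",
}

VERIFY = re.compile(r"(\S+)\[(\d+)\]: dict_ldap_debug: TLS certificate verification: "
                    r"depth: (\d+), err: (\d+), subject: (.*?),?\s*$")
ISSUER = re.compile(r"\[(\d+)\]: dict_ldap_debug: issuer: (.*?)\s*$")


def find_verify_failures(log_text):
    """Pair each verification line with the issuer line logged by the same PID."""
    findings, pending = [], {}
    for line in log_text.splitlines():
        m = VERIFY.search(line)
        if m:
            daemon, pid, depth, err, subject = m.groups()
            pending[pid] = {"daemon": daemon, "pid": pid, "depth": int(depth),
                            "err": int(err), "subject": subject}
            continue
        m = ISSUER.search(line)
        if m and m.group(1) in pending:
            rec = pending.pop(m.group(1))
            rec["issuer"] = m.group(2)
            # Identical subject and issuer at depth 0: the leaf signs itself.
            rec["self_signed"] = rec["subject"] == rec["issuer"]
            rec["meaning"] = X509_ERRORS.get(rec["err"], "other verify error")
            if rec["err"] != 0:
                findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_verify_failures(SAMPLE_LOG):
        print(f"{f['daemon']}[{f['pid']}] depth {f['depth']} err {f['err']}: "
              f"{f['meaning']} (subject == issuer: {f['self_signed']})")
```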
    
