Now, I need to get SASL working with ldap. Added the following to /etc/openldap/slapd.conf:

TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCipherSuite HIGH:MEDIUM:+SSLv2

Restarted ldap and ran the following:

ldapsearch -H ldaps://ibmprint.uchicago.edu:636 -x -b 'dc=ibmprint,dc=uchicago,dc=edu'

Get the error:

ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Questions:
1. I’m not getting any logging info in /var/log/messages. Where can I specify a separate log file?
2. I had tcpdump open on the ports I was trying to connect to. How come I saw absolutely no packets on that port?