[Cpu-users] SSl Certificate failure

[Terrence M. <tm...@ph...>]

I get the following error when trying to add a user to my ldap database 
with cpu.

# cpu useradd test

ldap: ldapOperation: ldap_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap: CPU_init: Error in ldapOperation.

Below is my config file.

Any thoughts?

Terrence


[GLOBAL]
DEFAULT_METHOD    = ldap
CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict

[LDAP]
#LDAP_HOST    = 127.0.0.1
#LDAP_PORT    = 389
LDAP_URI = ldaps://hostname.domain
BIND_DN        = cn=Admin,dc=host,dc=domain,dc=tld
BIND_PASS    = {SSHA}hashstuff
USER_BASE     = ou=people,dc=host,dc=domain,dc=tld
GROUP_BASE     = ou=group,dc=host,dc=domain,dc=tld
USER_OBJECT_CLASS    = posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS    = posixGroup,top
USER_FILTER    = (objectClass=posixAccount)
GROUP_FILTER    = (objectClass=posixGroup)
CN_STRING    = cn
SKEL_DIR    = /etc/skel
DEFAULT_SHELL     = /bin/bash
HOME_DIRECTORY    = /home
MAX_UIDNUMBER = 25000
MIN_UIDNUMBER = 5000
MAX_GIDNUMBER = 25000
MIN_GIDNUMBER = 5000
ID_MAX_PASSES = 1000
RANDOM = "false"
PASSWORD_FILE = "/etc/passfile"
SHADOW_FILE = "/etc/shadowfile"
HASH = "md5"
SHADOWLASTCHANGE    = 11192
SHADOWMAX        = 99999
SHADOWWARING        = 7
SHADOWEXPIRE        = -1
SHADOWFLAG        = 134538308
SHADOWMIN        = -1
SHADOWINACTIVE        = -1

[PASSWD]
# Broken
GROUP    =    1000
HOME    =    /home
INACTIVE =    -1
#EXPIRE    =
SHELL    =    /bin/bash
SKEL    =    /etc/skel
COMMENT =    "Default Gecos"
PASSWORD =    /etc/passwd
SHADOW    =    /etc/shadow