Re: [Cpu-users] SSl Certificate failure
From: Terrence M. <tm...@ph...> - 2003-08-27 22:05:49
It may also be that the latest ldap is a lot more restrictive on SSL. I
know in order to get my ldapsearch to use SSL I had to build a CA and
then sign a non-self signed certificate for the ldap server to use. I
then had to point the ldap clients at the cacert.pem.
I actually had not tried cpu since I did that...hmmm....
I now get to this error....
root@llama ~# cpu useradd test
ldap: ldapOperation: ldap_bind_s: Protocol error (2)
additional info: requested protocol version not allowed
ldap: CPU_init: Error in ldapOperation.
So your fix may still be required.
Terrence
Blake Matheny wrote:
>This may or may not be it. CPU was originally written to use LDAPv2 and I have
>not yet added the switch such that you can specify the version. I'll get
>around to it this weekend unless someone beats me to it :-)
>
>-Blake
>
>Whatchu talkin' 'bout, Willis?
>
>
>>I get the following error when trying to add a user to my ldap database
>>with cpu.
>>
>># cpu useradd test
>>
>>ldap: ldapOperation: ldap_bind_s: Can't contact LDAP server (81)
>> additional info: error:14090086:SSL
>>routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>ldap: CPU_init: Error in ldapOperation.
>>
>>Below is my config file.
>>
>>Any thoughts?
>>
>>Terrence
>>
>>
>>[GLOBAL]
>>DEFAULT_METHOD = ldap
>>CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict
>>
>>[LDAP]
>>#LDAP_HOST = 127.0.0.1
>>#LDAP_PORT = 389
>>LDAP_URI = ldaps://hostname.domain
>>BIND_DN = cn=Admin,dc=host,dc=domain,dc=tld
>>BIND_PASS = {SSHA}hashstuff
>>USER_BASE = ou=people,dc=host,dc=domain,dc=tld
>>GROUP_BASE = ou=group,dc=host,dc=domain,dc=tld
>>USER_OBJECT_CLASS = posixAccount,shadowAccount,top
>>GROUP_OBJECT_CLASS = posixGroup,top
>>USER_FILTER = (objectClass=posixAccount)
>>GROUP_FILTER = (objectClass=posixGroup)
>>CN_STRING = cn
>>SKEL_DIR = /etc/skel
>>DEFAULT_SHELL = /bin/bash
>>HOME_DIRECTORY = /home
>>MAX_UIDNUMBER = 25000
>>MIN_UIDNUMBER = 5000
>>MAX_GIDNUMBER = 25000
>>MIN_GIDNUMBER = 5000
>>ID_MAX_PASSES = 1000
>>RANDOM = "false"
>>PASSWORD_FILE = "/etc/passfile"
>>SHADOW_FILE = "/etc/shadowfile"
>>HASH = "md5"
>>SHADOWLASTCHANGE = 11192
>>SHADOWMAX = 99999
>>SHADOWWARING = 7
>>SHADOWEXPIRE = -1
>>SHADOWFLAG = 134538308
>>SHADOWMIN = -1
>>SHADOWINACTIVE = -1
>>
>>[PASSWD]
>># Broken
>>GROUP = 1000
>>HOME = /home
>>INACTIVE = -1
>>#EXPIRE =
>>SHELL = /bin/bash
>>SKEL = /etc/skel
>>COMMENT = "Default Gecos"
>>PASSWORD = /etc/passwd
>>SHADOW = /etc/shadow
>>
>>_______________________________________________
>>Cpu-users mailing list
>>Cpu...@li...
>>https://lists.sourceforge.net/lists/listinfo/cpu-users
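The "Protocol error (2) / requested protocol version not allowed" above is the server's BindResponse to a BindRequest whose version INTEGER says 2; the switch Blake describes amounts to sending 3 there (in OpenLDAP's libldap, `ldap_set_option` with `LDAP_OPT_PROTOCOL_VERSION` before `ldap_bind_s`). The following is an added illustration, not code from the thread or from CPU: a minimal BER encoder/decoder for exactly those two LDAP messages (RFC 4511), so you can see the byte that changes between a v2 and a v3 bind and how the result code and diagnostic string come back. `SAMPLE_RESPONSE` is constructed, not a capture; the bind DN is the one from Terrence's config and the password is a placeholder.

```python
# BER tags: universal types, LDAP's [APPLICATION 0/1] bind tags, and [0] simple password.
INTEGER, OCTET_STRING, ENUMERATED, SEQUENCE = 0x02, 0x04, 0x0A, 0x30
APP_BIND_REQUEST, APP_BIND_RESPONSE, CTX_SIMPLE_AUTH = 0x60, 0x61, 0x80
RESULT_CODES = {0: "success", 2: "protocolError", 49: "invalidCredentials"}

def ber_length(n: int) -> bytes:
    """Definite length: short form below 128, long form (0x80|N, then N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value

def ber_int(n: int) -> bytes:
    """Non-negative INTEGER, padded so the top bit is never read as a sign."""
    return tlv(INTEGER, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def build_bind_request(message_id: int, version: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage{messageID, BindRequest{version, name, simple}}; version 2 is what a v3-only server rejects."""
    bind = ber_int(version) + tlv(OCTET_STRING, bind_dn.encode()) + tlv(CTX_SIMPLE_AUTH, password.encode())
    return tlv(SEQUENCE, ber_int(message_id) + tlv(APP_BIND_REQUEST, bind))

def read_tlv(data: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV at pos; handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                                  # long form: low 7 bits = byte count
        n, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(data[pos - n:pos], "big")
    return tag, data[pos:pos + length], pos + length

def parse_bind_response(data: bytes) -> dict:
    """Decode LDAPMessage{messageID, BindResponse{resultCode, matchedDN, diagnosticMessage}}."""
    _, msg, _ = read_tlv(data, 0)
    _, mid, pos = read_tlv(msg, 0)
    tag, resp, _ = read_tlv(msg, pos)
    if tag != APP_BIND_RESPONSE:
        raise ValueError(f"expected BindResponse, got tag 0x{tag:02x}")
    _, code, pos = read_tlv(resp, 0)
    _, _matched_dn, pos = read_tlv(resp, pos)              # matchedDN, unused here
    _, diag, _ = read_tlv(resp, pos)
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result_name": RESULT_CODES.get(rc, "other"), "diagnostic": diag.decode()}

# Constructed sample (not a capture): the reply a v3-only server gives a version-2 bind.
SAMPLE_RESPONSE = tlv(SEQUENCE, ber_int(1) + tlv(APP_BIND_RESPONSE,
    tlv(ENUMERATED, b"\x02") + tlv(OCTET_STRING, b"")
    + tlv(OCTET_STRING, b"requested protocol version not allowed")))
```

Comparing `build_bind_request(1, 2, dn, pw)` with `build_bind_request(1, 3, dn, pw)` shows they differ in a single byte, which is the whole difference the server is complaining about.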