https://bugzilla.novell.com/show_bug.cgi?id=645194

https://bugzilla.novell.com/show_bug.cgi?id=645194#c0

Summary: Yast2 Ldap Client uses wrong ldap.conf file path
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: x86
OS/Version: openSUSE 11.3
Status: NEW
Severity: Major
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: m407@mail.ru
QAContact: jsrain@novell.com
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.8 SUSE/7.0.528.0 (KHTML, like Gecko) Chrome/7.0.528.0 Safari/534.8

Yast2 Ldap Client uses /etc/ldap.conf for storing configuration. But all OpenLDAP tools use /etc/openldap/ldap.conf.

For me, the options generated by Yast2:

    tls_cacertdir /etc/ssl/certs
    tls_cacertfile /etc/ssl/certs/YaST-CA.pem

in /etc/ldap.conf didn't work until I moved them into /etc/openldap/ldap.conf.

Reproducible: Always

Steps to Reproduce:
1. Generate CA certificate in yast
2. Generate server request and sign it in yast
3. Export signed certificate as server certificate
4. Setup ldap server to use tls with server certificate
5. Setup ldap client, setting path to previously generated CA certificate in Advanced section
6. Try ldapsearch with -ZZ -d 1 options

Actual Results:
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain).

Expected Results:
Successful connect to the ldap server

Solution in my case was to copy /etc/ldap.conf to /etc/openldap/ldap.conf. But it is not managed by standard Yast tools.
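
A check for the mismatch described in this report, as an added example that is not part of the original report or of YaST: it lists tls_* settings present in /etc/ldap.conf but absent from /etc/openldap/ldap.conf. The function names are hypothetical, and settings are compared literally (key lower-cased, whitespace collapsed) without judging which option names each consumer accepts.

```shell
#!/bin/sh
# Added example (not YaST or OpenLDAP code): find TLS trust settings that
# exist in the file YaST writes but not in the file the report says the
# OpenLDAP tools read. Function names are hypothetical.

# Print one normalized "key value" line per tls_* directive in file $1.
# Blank lines and comments are skipped, the key is lower-cased and runs
# of whitespace are collapsed, so "TLS_CACERTDIR   /x" == "tls_cacertdir /x".
tls_settings() {
    [ -r "$1" ] || return 0          # unreadable or absent file: no settings
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) ~ /^tls_/ {
            key = tolower($1)
            $1 = ""                  # drop the key; $0 is rebuilt with single spaces
            sub(/^ +/, "")
            print key " " $0
        }' "$1" | sort -u
}

# Print the settings found in $1 but missing from $2 (empty output = in sync).
missing_tls_settings() {
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 2
    tls_settings "$1" > "$tmp_a"
    tls_settings "$2" > "$tmp_b"
    comm -23 "$tmp_a" "$tmp_b"       # lines unique to the first file
    rm -f "$tmp_a" "$tmp_b"
}

# Default to the two paths named in the report; other paths may be passed
# as arguments, e.g. to test against copies of the files.
missing_tls_settings "${1:-/etc/ldap.conf}" "${2:-/etc/openldap/ldap.conf}"
```

Any line it prints is a trust setting that a TLS check such as the ldapsearch -ZZ call in step 6 would not see if only /etc/openldap/ldap.conf is consulted.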