Hi Matt,

On Wednesday, October 10, 2012 05:40:29 PM Matthew Drobnak wrote:
Ok, so the root of this is:
SSL Cert issues. As you suspected. We have our own root CA, but I thought I did this right:
obs01:/etc/ssl/certs # ls -l /usr/share/ca-certificates/mozilla/AppNex*
[...]
obs01:/etc/ssl/certs #

And I did an update-ca-certificates, and it was in the list... So I have no idea what's still broken.
FYI, if I turn off SSL, it does work.
You might want to use the little helper script and run it like this:

strace -o ruby-ldap-ssl.trace -f -e file -s1024 ruby ldap.rb

And check which files in /etc/ssl/certs/ the openssl library tries to access. I could imagine that there might be a hash symlink inside /etc/ssl/certs/ missing - e.g. /etc/ssl/certs/$HASH.0 -> toyourCAorCert.crt or so.

Note: also make sure that the SSL server cert matches with the provided domain you have configured for your LDAP. And the server cert is not expired and such stuff ... otherwise the ldap connection will fail also - due to "untrusted" SSL cert.

Best Regards,
Daniel
-Matt
--
Daniel Gollub
Linux Consultant & Developer
Tel.: +49-160 47 73 970
Mail: gollub@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
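
The missing hash symlink suggested in the reply above can be checked directly instead of reading it out of an strace log. The script below is an added example, not part of the original thread; the function names and the throwaway demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a CApath directory hold the <subject-hash>.N link
# that OpenSSL looks up for a given CA certificate, and is the cert current?

# Hash OpenSSL uses as the link name. Use the same openssl build the client
# links against: the hash algorithm changed between 0.9.x and 1.0.
ca_hash() { openssl x509 -in "$1" -noout -subject_hash; }

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }

# check_hash_link CA_PEM CERT_DIR
# 0 = some CERT_DIR/<hash>.N resolves to the same certificate, 1 = missing.
check_hash_link() {
    hash=$(ca_hash "$1") || return 2
    want=$(fingerprint "$1")
    for link in "$2/$hash".*; do
        [ -e "$link" ] || continue      # unmatched glob or dangling symlink
        if [ "$(fingerprint "$link")" = "$want" ]; then
            echo "ok: $link"
            return 0
        fi
    done
    echo "missing: $2/$hash.0" >&2
    return 1
}

# 0 while the certificate's notAfter date is still in the future.
check_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# Constructed throwaway root CA (not the poster's), so this runs offline.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Usage: sh check-capath.sh /path/to/ca.crt /etc/ssl/certs
if [ $# -eq 2 ]; then
    check_hash_link "$1" "$2" && check_not_expired "$1"
fi
```

A "missing" result for a CA file that is present in the directory points at the rehash step, not at the certificate itself.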