I have OpenLDAP set up, and today I configured TLS for better security by following these guidelines: Configuring OpenLDAP with TLS=required

Modifying cn=config with an LDIF file:

```
dn: cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1
```

and:

```
ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif
```

Now, when I try to run an ldapsearch, I get the following error:

```
ldap_start_tls: Connect error (-11)
additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
ldap_result: Can't contact LDAP server (-1)
```

Example:

```
ldapsearch -Z -x -LLL "(uid=user1)" -d -1
```

The most relevant part of the log:

```
TLS: error: connect - force handshake failure: errno 2 - moznss error -8172 …
```
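The error above (-8172, issuer not trusted) is the client's chain validation rejecting the server certificate because its issuing CA is not in the bundle the client trusts (the file named by TLS_CACERT in ldap.conf). The script below is an added example, not part of the original post: it builds a constructed throwaway PKI with OpenSSL, shows the same check failing against a bundle that lacks the issuer and passing once the issuing CA is present, and includes a helper to capture the certificate a real slapd presents after STARTTLS. All hostnames, file names and CA names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reproduces the failure mode
# behind NSS error -8172 with OpenSSL: a server certificate whose issuer is
# absent from the client's CA bundle fails chain validation, and passes once
# the issuing CA is present. All names and files below are constructed.
set -eu

WORK=$(mktemp -d)

# Constructed PKI: one private CA, one server certificate issued by it, and
# an unrelated CA standing in for a client bundle that lacks the real issuer.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/ldap.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/ldap.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# verify_chain <server-cert.pem> <ca-bundle.pem>
# Prints "trusted" or "untrusted: <issuer>" and returns 0 or 1; this is the
# check the LDAP client makes against the bundle named by TLS_CACERT.
verify_chain() {
    cert=$1; bundle=$2
    if openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        echo "trusted"; return 0
    fi
    issuer=$(openssl x509 -in "$cert" -noout -issuer)
    echo "untrusted: $issuer"; return 1
}

# fetch_server_cert <host:port> <out.pem>
# Captures the certificate slapd presents after STARTTLS so it can be fed to
# verify_chain (needs OpenSSL >= 1.1.1 for -starttls ldap; not run offline).
fetch_server_cert() {
    openssl s_client -connect "$1" -starttls ldap </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$2"
}

if [ "${1:-}" = "demo" ]; then
    make_test_pki
    verify_chain "$WORK/ldap.pem" "$WORK/other.pem" || true   # the -8172 case
    verify_chain "$WORK/ldap.pem" "$WORK/ca.pem"              # trusted
    rm -rf "$WORK"
fi
```

Run it as `sh check_chain.sh demo` for the offline demonstration; against a live server, `fetch_server_cert ldap.example.test:389 server.pem` followed by `verify_chain server.pem /path/to/TLS_CACERT-bundle.pem` reports which issuer the bundle is missing.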