Daniel Shackelford wrote:
> Anyone able to address the other questions about ssl? I was able to
> use the system version of ldapsearch to connect securely to my domain
> controller from the FDS box. I can also connect the same way to FDS.
> I have read that the -81 error means that there is a problem with my
> server cert, or the ca cert that was used to create it. I have 2
> server certs signed by different CAs (nothing self-signed), and I have
> tried them both. The CA certs are installed, and seem to be fine. I
> even exported one to use on the local openldap in order to test
> connections to the domain controller without a problem.

I don't have any insight off the top of my head beyond what you've
already tried.
You could take a packet trace with ethereal or the like and see if
there's anything interesting in the SSL handshake.

> Is FDS dependent on specific versions of libssl3.so or ?... The thing
> that confuses me the most is that it all seems to be working fine in
> every other case. I am still not sure there isn't a problem with my
> Win2003 domain controller...
FDS should be used with the version of NSS that it was built against.
There will be some minor functionality differences between NSS releases
and bug fixes, but I wouldn't expect much sensitivity to NSS version
as far as basic functionality like this goes.
Bottom line is that if you can use the 'ldapsearch' command (the Mozilla
version that ships with FDS), pointed at the same cert database that the
server is using, to connect to your AD, then FDS's Winsync code should
be able to connect too: the code paths are essentially identical.