On my Mac, I installed OpenLDAP, modified /etc/openldap/ldap.conf and specified the path to the certificate. However, I keep getting this error:
SERVER_DOWN: {
'info':
'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:
routines:SSL3_GET_SERVER_CERTIFICATE:
certificate verify failed (unable to get local issuer certificate)',
'desc': "Can't contact LDAP server"
}
ldap.conf contains:
TLS_REQCERT demand
TLS_CACERT /etc/openldap/CA_tncdc01.cer
The cer is there:
$ ll /etc/openldap/CA_tncdc01.cer
-rw-r--r--@ 1 eric staff 1298 Jun 23 09:12 /etc/openldap/CA_tncdc01.cer
OpenSSL verify says:
$ openssl verify /etc/openldap/CA_tncdc01.cer
error 18 at 0 depth lookup:self signed certificate
OK
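And to bind, I use (Python):
import ldap

url = "ldaps://[snip]:636"  # host elided in the original post
l = ldap.initialize(url)
l.simple_bind_s(bind_name, bind_password)  # bind credentials are defined elsewhere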
Everything seems to be in order.
Thanks, Eric