Thread:Extension talk:LDAP Authentication/LDAP Authentication working until CA brought inhouse (Ryan Lane, please help!)

Some background. Simple LDAP authentication was working, authenticating to my domain controller. We added a Windows Certificate Authority for testing other things on one of the domain controllers.

Since then, I have re-imported the cert into /etc/pki/tls/certs and it's still not authenticating.

I followed the directions here: Extension:LDAP Authentication/Requirements

When running: openssl s_client -showcerts -connect server:636 I get all the expected results, except the last line is: Verify return code: 21 (unable to verify the first certificate)

I am sure this is why the authentication isn't working.

So, proceeding on the issue, I have done the following, and it didn't help:

1) Create hash links to the certs:

    cd /etc/pki/tls/certs
    for i in *.crt; do
        # OpenSSL looks a CA up under <subject_hash>.0, so link each cert by that name
        h="$(openssl x509 -hash -noout -in "$i").0"
        [ -e "$h" ] || ln -s "$i" "$h"
    done

2) Next, create a CA bundle, as some applications only work properly with a bundled file of CAs (notice that *.crt is assumed to be your CA certificates):

    cd /etc/pki/tls/certs
    for i in *.crt; do
        [ "$i" = local-bundle.crt ] && continue   # skip the bundle itself on a re-run
        cat "$i" >> /etc/pki/tls/certs/local-bundle.crt
    done

3) Finally, add the trust to openldap's client configuration. Edit /etc/openldap/ldap.conf and add the following lines:

    TLS_CACERTDIR  /etc/pki/tls/certs
    TLS_CACERT     /etc/pki/tls/certs/local-bundle.crt

Can anyone offer some advice that would help?
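An added example that is not part of the original post or of the LDAP Authentication extension's documentation. "Verify return code: 21 (unable to verify the first certificate)" means OpenSSL received the server's certificate but could not find its issuer (the CA) in the trust store, so the cert that has to be hash-linked into TLS_CACERTDIR or appended to the TLS_CACERT bundle is the Windows CA's own certificate, not the domain controller's certificate. The script below builds a throwaway CA and a server certificate signed by it (all names constructed for the demo), then checks the three trust-store states with openssl verify: only the server cert in the CApath directory (fails, the symptom above), the CA hash-linked in the directory (ok), and the CA in a bundle file (ok). It assumes an openssl CLI of version 1.1.1 or newer and a writable temp directory.

```shell
#!/bin/sh
# Added example, not code from the original post or the LDAP Authentication
# extension. Assumes the openssl CLI (1.1.1 or 3.x); every name below
# (example.test, dc1, "Example Test Root CA") is constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed throwaway PKI: one root CA and one server cert it issues.
cat > "$WORK/ext.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[srv_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:dc1.example.test
EOF

make_pki() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Example Test Root CA" -config "$WORK/ext.cnf" -extensions ca_ext \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=dc1.example.test" \
        -config "$WORK/ext.cnf" -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -extfile "$WORK/ext.cnf" -extensions srv_ext \
        -out "$WORK/server.crt" 2>/dev/null
}

# Put a cert into a TLS_CACERTDIR-style directory with the <subject_hash>.0
# link that OpenSSL's CApath lookup requires (the same link the post's loop makes).
install_in_dir() {  # $1 = cert file, $2 = directory
    mkdir -p "$2"
    cp "$1" "$2/"
    ln -sf "$(basename "$1")" "$2/$(openssl x509 -hash -noout -in "$1").0"
}

# Each verifier prints "ok" or "fail" so results compare the same way on any
# openssl version. -no-CAfile / -no-CApath keep the system trust store out of
# the picture so only the store under test counts.
verify_via_dir() {  # $1 = CApath dir, $2 = leaf cert
    if openssl verify -no-CAfile -CApath "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}
verify_via_file() { # $1 = CA bundle file, $2 = leaf cert
    if openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

make_pki

# The symptom in the post: the trust dir holds the *server's* cert, not its
# issuer's. OpenSSL still cannot reach a trusted root, so verification fails
# (s_client shows this as "Verify return code: 21").
install_in_dir "$WORK/server.crt" "$WORK/certs-wrong"
echo "server cert only in CApath:  $(verify_via_dir "$WORK/certs-wrong" "$WORK/server.crt")"

# The fix: the CA's certificate goes into the directory, hash-linked ...
install_in_dir "$WORK/ca.crt" "$WORK/certs"
echo "CA hash-linked in CApath:    $(verify_via_dir "$WORK/certs" "$WORK/server.crt")"

# ... and/or into a bundle file for TLS_CACERT.
cat "$WORK/ca.crt" > "$WORK/local-bundle.crt"
echo "CA bundle as CAfile:         $(verify_via_file "$WORK/local-bundle.crt" "$WORK/server.crt")"

# The link name the CApath lookup actually opens; compare with ls -l on the real dir.
echo "expected link name in CApath: $(openssl x509 -hash -noout -in "$WORK/ca.crt").0"
```

On a real host the same check is openssl verify -CApath /etc/pki/tls/certs server.crt (with server.crt saved from the s_client output) and, end to end, openssl s_client -connect server:636 -CApath /etc/pki/tls/certs, which should now end with "Verify return code: 0 (ok)". The hash links can also be created for a whole directory with openssl rehash /etc/pki/tls/certs (OpenSSL 1.1.0 or newer) or the older c_rehash script instead of the loop in the post.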