Martin G wrote:
Iv found the following on the novellserver (CA-service): Distinguished name: WIFITREE CA.Security Host server: NW1.SYSTEM.WIFI
Well this looks like the novell ldap server certifivate.
"NW1" would be the servername and "NW1.SYSTEM.WIFI" the FQDN?
Yes.
I added the info in all kinds of sorts in my hosts-file to the novell-ip on the linux-server but still no progress :( Still:
Put 10.10.0.11 nw1.system.wifi into the /etc/hosts file
ldapsearch -vvv -h NW1.SYSTEM.WIFI wifi -x -Z -b ou=adm,ou=malmo,o=wifi "cn=lotta" ldap_initialize( ldap://wifi ) ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate filter: cn=lotta requesting: All userApplication attributes
Any good idea!?
Does your ldap server do ldaps on e.g. port 636? To get the ldap server certificate and mybe the CA chain validating this certificate you could try # openssl s_client -connect 10.10.0.11:636 -showcerts -debug -msg -state If your ldap server does not do ldaps try # openssl s_client -connect 10.10.0.11:389 -showcerts -debug -msg -state -starttls pop3 or # openssl s_client -connect 10.10.0.11:389 -showcerts -debug -msg -state -starttls smtp I expect this does not work since openssl s_client does not (yet) support starttls option with ldap protocol. But give it a whirl, maybe you get back something useful. Or enable ldaps on port 636 on your ldap server.... and try the top most openssl command from this mail. -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737