--On Wednesday, February 25, 2009 11:59 AM -0600 Nick Geron <nge...@corenap.com> wrote:

Just curious if anyone looked over my last email (with replies to
Victor's questions).  I forgot to add a few answers.  I'm running postfix
2.5.6, openldap 2.3.43 (libraries on postfix server) and openssl 0.9.8g.
On the ldap server I'm running openDS 1.2.

Also, I turned up debugging in the map config file and found it is
definitely a verification problem due to proxymap (via calls from
libldap.so ?) not reading in the local copy of the 'ca'.

Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
trace: SSL_connect:SSLv3 read server hello A
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
certificate verification: depth: 0, err: 18, subject:
/emailaddress=...@example.com/CN=ldap13.example.com/OU=IDC/O=Example
Co/ST=Texas/C=US,
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug:  issuer:
/emailaddress=...@example.com/CN=ldap13.example.com/OU=IDC/O=Example
Co/ST=Texas/C=US
Feb 25 10:55:28 smtp11 postfix/proxymap[28531]: dict_ldap_debug: TLS
certificate verification: Error, self signed certificate

I think this is fairly clear -- It doesn't see that the cert you've provided has a valid CA.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
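
The diagnosis above can be reproduced mechanically from the debug output. The following Python sketch is an added example, not part of the original thread or of Postfix: it rejoins mail-wrapped syslog records, pairs each `TLS certificate verification` record with its `issuer` record, and reports failures together with whether subject and issuer are identical. The sample log, host name and function names are constructed for illustration.

```python
import re

# OpenSSL verify error numbers that indicate a missing or unread trust anchor.
VERIFY_ERRORS = {
    18: "self signed certificate",
    19: "self signed certificate in certificate chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
VERIFY = re.compile(r"TLS certificate verification: depth: (\d+), err: (\d+), subject: (.*?),?$")
ISSUER = re.compile(r"dict_ldap_debug:\s+issuer: (.*)$")

# Constructed sample, wrapped the way a mail client wraps long log lines.
SAMPLE = """
Feb 25 10:55:28 mx1 postfix/proxymap[1234]: dict_ldap_debug: TLS
certificate verification: depth: 0, err: 18, subject:
/CN=ldap.example.test/O=Example Co/C=US,
Feb 25 10:55:28 mx1 postfix/proxymap[1234]: dict_ldap_debug:  issuer:
/CN=ldap.example.test/O=Example Co/C=US
Feb 25 10:55:28 mx1 postfix/proxymap[1234]: dict_ldap_debug: TLS
certificate verification: Error, self signed certificate
"""

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def diagnose(text):
    """Return (depth, err, meaning, self_issued) for each failed verification."""
    findings, pending = [], None
    for record in unwrap(text):
        m = VERIFY.search(record)
        if m:
            pending = (int(m.group(1)), int(m.group(2)), m.group(3).strip())
            continue
        m = ISSUER.search(record)
        if m and pending:
            depth, err, subject = pending
            pending = None
            if err:  # err 0 means this certificate verified
                findings.append((depth, err, VERIFY_ERRORS.get(err, "other"), subject == m.group(1).strip()))
    return findings
```

A finding with err 18 and a true last field means the server's own certificate is its only possible trust anchor, so it has to be present in the CA file or directory that the process doing the lookup (here proxymap) actually reads.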
