delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2019/08/06/17:21:41

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:references:in-reply-to:from:date
:message-id:subject:to:content-type; q=dns; s=default; b=kdCDAdc
wuuJEzXJZeRZg9WBuq1/XWVz8KGjUjjLmuXNyfFNsCBIfnej2BquOLa7W/QnihM9
cJOyfjJHunb9wdi1rSG8l8jK7PolJNAvxD8ewivNNIERlfRDpTVO2J77y+6jGF1E
AKPAaK8THiMUglwawKmX4fdFzuST4dQ4qFwA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:references:in-reply-to:from:date
:message-id:subject:to:content-type; s=default; bh=fEYz0r2xDtj8t
d+pswmmG9xItog=; b=Hz6w91kWmOK+LqocVbgB+n0gCfrpsnxcXAc3eKJ5d08qc
1ngfj9OvHLIsWsWkawCrBzUQWkQqNwpegdczkql6etBYXmpUyfoyxv2C6d3dARbo
TZ3gRvdvDanI0MM0MgaT2gsTx+RSdENiaJBGSQd800obDFV/DNm1CS3tZgrTe8=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.1 spammy=gratz, Gratz, H*c:alternative, cygwincom
X-HELO: mail-qt1-f177.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=BXXMfwh+BzYEeS4pyGUr9fdZLQTJL5SOQHcnqXU89Mg=; b=OAbXoLr6Ed4KoTqHaQhEbpa2gvruPflFg17JMz4pNG5SczGnn/7TCSE4ZBgLCpvi94 gXWyxDYeEwmQbIbreQTOUltLrHXa1Hlqyz20qYESHjF9WQaqJqa4+TU1/9s9MpOe75ED 3Nn5B/fb/bWajehoES4H0TITY/Oygeq8Ux1AVQbIiI77H2opsxLDayk6zpDvNbGTA6Dg Ytc6zHS7H6qzpEekdGE8P8q2T1e6dLXyGrsG1hkAGv3zEfsEU05W/J8h9NVeYBFTDBXV JzCQk7ssCIfnffcRKt7LlDd1xvIbCnx9hJX2mV9eb0kQaeauBsq7O1d9hLWP5SK3ige9 w8KQ==
MIME-Version: 1.0
References: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg AT mail DOT gmail DOT com> <87ftmje5zb DOT fsf AT Rainer DOT invalid> <CAN9EdkYzh558w=CG3UkzgN0rg98eVx2V0BcdktEwVEW3dS1qCQ AT mail DOT gmail DOT com> <874l2y4ulo DOT fsf AT Rainer DOT invalid> <CAN9EdkYG1aFnaMAPM3jg=0psRoiS1rF7Hze618UYj1mHByjKbg AT mail DOT gmail DOT com> <228DE7899A9CF9C913C8B1B8 AT 192 DOT 168 DOT 1 DOT 39> <CAN9Edkbv6ZaHyLs3MVyYapgYa3XiXU2D+kr8o2zTCJivk8h0-w AT mail DOT gmail DOT com> <874l2ufdlo DOT fsf AT Rainer DOT invalid> <CAN9EdkZjtczZ8hhzWTLga3iMVn+VwFOv1XNC2RZJBQUpCq+z_Q AT mail DOT gmail DOT com>
In-Reply-To: <CAN9EdkZjtczZ8hhzWTLga3iMVn+VwFOv1XNC2RZJBQUpCq+z_Q@mail.gmail.com>
From: David Goldberg <dsg18096 AT gmail DOT com>
Date: Tue, 6 Aug 2019 17:20:35 -0400
Message-ID: <CAN9Edkb2nUYmmZ76MQQN8w=PYthXctd677gxU6m3wQEgyku_yg@mail.gmail.com>
Subject: Re: Openldap 2.4.48-1 vs my company's pki
To: cygwin AT cygwin DOT com
X-IsSubscribed: yes 

I found the problem. I guess there's a number of locations where .ldaprc
can be found. I have an old backup of a Linux home directory under my
cygwin home and that contained a .ldaprc with a TLS_CACERTDIR setting that
makes no sense on my windows box.  I removed it and also the ldap.conf I
just created and ldapsearch worked as expected. I can't understand why
2.4.42 ignored that file while 2.4.48 tried to use it but it seems local to
my oddball situation and not a broader issue.

Thanks again for all the help and advice.

On Tue, Aug 6, 2019, 15:17 David Goldberg <dsg18096 AT gmail DOT com> wrote:

> Thank you, Achim!  I should have thought of that myself. Indeed adding an
> appropriate TLS_CACERT to ldap.conf has solved the problem and 2.4.48
> ldapsearch is working now.
>
> On Tue, Aug 6, 2019, 12:44 Achim Gratz <Stromeko AT nexgo DOT de> wrote:
>
>> David Goldberg writes:
>> > Correct, openssl s_client works, as does the older build of
>> ldapsearch.  I
>> > can't find any .ldaprc nor ldap.conf files on my system.
>>
>> Then work the other way around and create a configuration file that
>> points to the PKI.  It's entirely possible that the compiled-in default
>> (if there even is one) is not correct.  If so I'll have to figure out
>> how to change that, but until then it would be useful to know if things
>> start working when the config is pointing to the existing PKI (which, as
>> you tested can be used correctly by openssl).
>>
>>
>> Regards,
>> Achim.
>> --
>> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>>
>> SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2:
>> http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
>>
>> --
>> Problem reports:       http://cygwin.com/problems.html
>> FAQ:                   http://cygwin.com/faq/
>> Documentation:         http://cygwin.com/docs.html
>> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
>>
>>

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019