X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:to:subject:message-id
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=dU+pJFAz5gezXszi
	GUIox6Hi7knxD6Y+EsOcHhv/1X5p7dZzKJiZ5t9z4FrqJlH4PMqsd7Dxm/OzLViK
	OlixNYI67JM35LGPItHcYWXMli4FLSUJzqFS8j3GtYdPlRmk/ijXvN+m+KYwPsu5
	+2AHtjdqFik4n8k/rH3HHQkBuoE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:reply-to:to:subject:message-id
	:in-reply-to:references:mime-version:content-type
	:content-transfer-encoding; s=default; bh=KpsxMiuxYR0l0qBHhx5+BD
	VNeOA=; b=LotVE8DGECoBkZdsyBgCPCK12iutfMrmE1oa9ULytuKy9FdDxPO2g0
	Lu+QHtFO8WzyOAYEPTDIfERQky2MwVtAztMb56utUf0u6VEhNqIKqu4XtpsNYhQt
	xsky6nAVZQyteuKSfxTCrFegxni+EaC7DQoiAkAl04S1TapfvlsCI=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_50,SPF_PASS autolearn=ham version=3.3.1 spammy=certificate, goldberg, 2.4.48-1, Openldap
X-HELO: zmcc-2-mx.zmailcloud.com
Date: Mon, 05 Aug 2019 12:25:09 -0700
From: Quanah Gibson-Mount <quanah AT symas DOT com>
Reply-To: Quanah Gibson-Mount <quanah AT symas DOT com>
To: David Goldberg <dsg18096 AT gmail DOT com>, cygwin AT cygwin DOT com
Subject: Re: Openldap 2.4.48-1 vs my company's pki
Message-ID: <228DE7899A9CF9C913C8B1B8@[192.168.1.39]>
In-Reply-To: <CAN9EdkYG1aFnaMAPM3jg=0psRoiS1rF7Hze618UYj1mHByjKbg@mail.gmail.com>
References: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg AT mail DOT gmail DOT com>  <87ftmje5zb DOT fsf AT Rainer DOT invalid> <CAN9EdkYzh558w=CG3UkzgN0rg98eVx2V0BcdktEwVEW3dS1qCQ AT mail DOT gmail DOT com> <874l2y4ulo DOT fsf AT Rainer DOT invalid> <CAN9EdkYG1aFnaMAPM3jg=0psRoiS1rF7Hze618UYj1mHByjKbg AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-IsSubscribed: yes

--On Monday, August 05, 2019 9:22 AM -0400 David Goldberg 
<dsg18096 AT gmail DOT com> wrote:

> Sorry, was away from work over the weekend. I just tested with openssl
> s_client and it works just fine.  Version is 1.1.1.  there is no self
> signed certificate. It's signed with the company pki rather than
> commercial and I've properly installed that chain. The problem send to be
> with the new build, at least the weird ldd output leads me to that
> conclusion. I'll try to find some time to build from source and see if it

Do you mean you connected to the ldap server using OpenSSL s_client to 
confirm that works?  If that works and the ldapsearch (or other ldap 
client) binary does not, then you likely have a global /etc/ldap.conf (or 
whereever this build looks for it) or a ~/.ldaprc file that defines the 
path or file to find the CA certificate that would need updating.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple