ldapsearch fails to connect via TLS to LDAP server with self-signed certificate without Basic Constraint Extension
Issue
ldapsearch using Transport Layer Security (TLS) (i.e. the -Z option) on Red Hat Enterprise Linux 6 results in the following message, even with "TLS_REQCERT never" set in /etc/openldap/ldap.conf.
# ldapsearch -x -Z -H ldap://xxx.xxx.xxx.xxx/ -b "dc=xxx,dc=xxx" -D "cn=xxx,ou=xxx,dc=xxx,dc=xxx" -W
ldap_start_tls: Connect error (-11)
additional info: TLS error -8157:Certificate extension not found.
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
Environment
Red Hat Enterprise Linux 6
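The title ties the failure to a self-signed server certificate that lacks the Basic Constraints extension. The script below is an added example, not part of the Red Hat article, that checks a PEM certificate file for that condition with the openssl CLI. The function names and the test certificate for ldap.example.test are constructed here, and "self-signed" is approximated by comparing the subject and issuer names.

```bash
#!/usr/bin/env bash
# Added example: flag a PEM certificate that is self-signed and has no
# X509v3 Basic Constraints extension (the condition named in the title).

# cert_profile FILE
#   prints "self_signed=<yes|no> basic_constraints=<present|absent>"
#   returns 2 if openssl cannot parse FILE.
# Assumption: self-signed is judged by subject name == issuer name.
cert_profile() {
    local pem=$1 text subject issuer ss=no bc=absent
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || return 2
    subject=$(openssl x509 -in "$pem" -noout -subject) || return 2
    issuer=$(openssl x509 -in "$pem" -noout -issuer) || return 2
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then ss=yes; fi
    if printf '%s\n' "$text" | grep -q 'X509v3 Basic Constraints'; then
        bc=present
    fi
    printf 'self_signed=%s basic_constraints=%s\n' "$ss" "$bc"
}

# make_test_cert OUT_PEM yes|no
#   writes a constructed self-signed certificate, with or without Basic
#   Constraints, so the check can be exercised offline.
make_test_cert() {
    local out=$1 with_bc=$2 dir rc
    dir=$(mktemp -d) || return 1
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ "$with_bc" = yes ]; then printf 'x509_extensions = ext\n'; fi
        printf '[dn]\nCN = ldap.example.test\n'
        if [ "$with_bc" = yes ]; then
            printf '[ext]\nbasicConstraints = CA:TRUE\n'
        fi
    } > "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" -keyout "$dir/key.pem" -out "$out" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Stand-alone use: pass one or more PEM files as arguments.
for f in "$@"; do
    printf '%s: ' "$f"
    cert_profile "$f" || echo "unreadable"
done
```

A result of `self_signed=yes basic_constraints=absent` for the LDAP server's certificate matches the condition in the title.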