TLS Issue with Amazon OpenLDAP 2.4.23-15

Today I had an issue getting a good TLS connection from an OpenLDAP client to an OpenLDAP server on an EC2 instance using the packages supplied by Amazon.

The problem packages were:

openldap-2.4.23-15.13.amzn1.x86_64
openldap-clients-2.4.23-15.13.amzn1.x86_64

The problem was resolved by updating to version 2.4.23-20 with:

yum -y update openldap-clients

The problem was reproduced with the following ldapsearch command (-d 4 turns on the TLS debug output shown below):

# ldapsearch -xZZ -d 4
TLS: did not find any valid CA certificates in /etc/openldap/cacerts
TLS: could perform TLS system initialization.
TLS: error: could not initialize moznss security context - error -5939:No more entries in the directory
TLS: can't create ssl handle.
ldap_start_tls: Connect error (-11)
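A pre-flight check for the client trust store, added here and not part of the original post. It reads the TLS_* options from ldap.conf the way the client does and reports whether the configured CA location actually holds a moznss certificate database or PEM certificates, which separates a genuinely empty /etc/openldap/cacerts from the situation above, where a package update was what made the certificates usable. It assumes /etc/openldap/cacerts as the default when TLS_CACERTDIR is unset (the path in the error output) and /etc/openldap/ldap.conf as the client configuration file.

```python
import os

DEFAULT_CACERTDIR = "/etc/openldap/cacerts"   # assumed default; the path in the error above
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
NSS_DB_FILES = ("cert8.db", "cert9.db")       # moznss certificate database file names

def parse_tls_settings(conf_text):
    """Collect TLS_* options from ldap.conf text; a later line overrides an earlier one."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper().startswith("TLS_"):
            settings[parts[0].upper()] = parts[1].strip()
    return settings

def count_pem_certs(path):
    """Count PEM certificate blocks in one file or in the regular files of a directory."""
    if os.path.isfile(path):
        candidates = [path]
    elif os.path.isdir(path):
        candidates = [os.path.join(path, n) for n in sorted(os.listdir(path))]
    else:
        return 0
    total = 0
    for candidate in filter(os.path.isfile, candidates):
        with open(candidate, "rb") as fh:
            total += fh.read().count(PEM_MARKER)
    return total

def check_trust_store(conf_text):
    """Report what the client would find at the CA locations ldap.conf points to."""
    settings = parse_tls_settings(conf_text)
    cacertdir = settings.get("TLS_CACERTDIR", DEFAULT_CACERTDIR)
    cacert = settings.get("TLS_CACERT")
    nss_db = any(os.path.isfile(os.path.join(cacertdir, f)) for f in NSS_DB_FILES)
    pem_certs = count_pem_certs(cacertdir) + (count_pem_certs(cacert) if cacert else 0)
    return {
        "cacertdir": cacertdir,
        "nss_db": nss_db,
        "pem_certs": pem_certs,
        "reqcert": settings.get("TLS_REQCERT", "demand"),  # never/allow would mask a missing CA
        "ok": nss_db or pem_certs > 0,
    }

if __name__ == "__main__":  # run on the instance to inspect the live client configuration
    with open("/etc/openldap/ldap.conf") as fh:
        print(check_trust_store(fh.read()))
```

If the report says ok is True and ldapsearch still prints "did not find any valid CA certificates", the trust store is populated and the client library itself is the suspect, as it was here.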
