I'm new to Zimbra, and I'm trying to use its internal OpenLDAP for OS authentication in a Linux Mint client. The software versions are the following:
* Zimbra: Release 6.0.9_GA_2686.RHEL5_64_20101115233514 CentOS5_64 FOSS edition.
* Zimbra OS server: CentOS release 5.5 (Final)
* Client: Linux Mint 10 Julia
I was having some problems trying to connect to Zimbra OpenLDAP from the client with the ldapsearch command. I could not make that work with start TLS on port 389; however, the regular connection works fine.
As Linux Mint is an Ubuntu derivative, and is using the OpenLDAP tools with GNU TLS (which I have read can have some problems), I decided to start trying first from the Zimbra server itself. So, on the CentOS host I copied the CA certificate to the /etc/openldap/cacerts directory, made the soft link with the hash number, and configured the variable TLS_CACERTDIR with that directory in ldap.conf. After that, I could execute something like:
ldapsearch -x "(objectclass=*)" -D cn=config -W -ZZ
And it worked fine. However, when trying to test only the connection with openssl, an error is given:
> openssl s_client -connect host.domain:389
31319:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
The same thing happens if I try with the -CApath option. So, can anyone help me discover what could be wrong? I would like to resolve this problem first, so I can then continue with the Linux Mint problem.
And more specifically to Zimbra: as I have said, I am new to Zimbra, but have some experience with OpenLDAP. So I would like to know where the TLS configuration for OpenLDAP can be viewed / edited. I have tried with the zmlocalconfig command, but all that I can find is ldap_starttls_supported and ldap_common_require_tls.
Thanks very much,
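
The CA directory setup described in the post (copy the CA certificate, create the hash-named soft link, point TLS_CACERTDIR at the directory), as an added example that is not part of the original post. The function name and all paths are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post): install a CA certificate into a
# hashed directory of the kind TLS_CACERTDIR points at. install_ca_hashed and
# the paths passed to it are hypothetical names chosen for illustration.

# install_ca_hashed CA_PEM CACERT_DIR
# Copies CA_PEM into CACERT_DIR and creates the <subject-hash>.N symlink that
# OpenSSL-linked clients look up. Prints the symlink name on success.
install_ca_hashed() {
    ca_pem=$1
    dir=$2

    # Refuse anything that does not parse as an X.509 certificate.
    hash=$(openssl x509 -noout -hash -in "$ca_pem" 2>/dev/null) || return 1
    [ -n "$hash" ] || return 1
    fp=$(openssl x509 -noout -fingerprint -in "$ca_pem" 2>/dev/null) || return 1

    mkdir -p "$dir" || return 1
    base=$(basename "$ca_pem")
    # Skip the copy when an identical file is already in place.
    cmp -s "$ca_pem" "$dir/$base" 2>/dev/null || cp "$ca_pem" "$dir/$base" || return 1
    chmod 644 "$dir/$base"

    # Different CAs can share a subject hash: take the first free .N suffix,
    # and reuse an existing link that already resolves to this certificate.
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        existing=$(openssl x509 -noout -fingerprint -in "$dir/$hash.$n" 2>/dev/null) || existing=""
        if [ "$existing" = "$fp" ]; then
            echo "$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$base" "$dir/$hash.$n" || return 1
    echo "$hash.$n"
}
```

The hash is computed by whichever `openssl` binary runs the function, so run it on the host whose LDAP tools will read the directory, then set TLS_CACERTDIR in ldap.conf to that directory as the post does.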