The LDAP server where we are doing our authentication had to change its
certificate, and now when a user attempts to log in for edit purposes they
get "Login error: Incorrect password entered. Please try again."

You should trust the CA certificate, not the server certificate; if you
do so, you won't have this problem next time.
If you are on a Linux system, the file you need to modify is going to be
/etc/openldap/ldap.conf. You need to add the following options:
TLS_CACERT <path to the CA certificate that signed your server certificate>
TLS_CACERTDIR <same as above, minus the filename>
I believe the CA cert file needs to be in PEM format (base64). If the CA
certificate is in DER format for some reason (unlikely), you can convert
to PEM with openssl:
openssl x509 -inform DER -outform PEM -in cacertinderformat.cer -out cacertinpemformat.cer
You can check the certificate information as well:
openssl x509 -noout -text -in cacert.cer
V/r,
Ryan Lane
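
An added example, not part of the original message: the script below builds a throwaway CA (constructed, as are all file names and the ldap.example.org name), normalizes a DER CA file to PEM, and shows that a renewed server certificate still verifies against the CA file, while the old server certificate used as the trust file does not cover the renewal. It assumes the openssl command-line tool is installed.

```bash
#!/bin/sh
# Added example: every file name and the throwaway CA below are constructed.

# Print a certificate as PEM whether the input file is PEM or DER.
to_pem() {
    openssl x509 -inform PEM -outform PEM -in "$1" 2>/dev/null ||
    openssl x509 -inform DER -outform PEM -in "$1" 2>/dev/null
}

# Succeed only if certificate $2 chains to the trust file $1
# (the file TLS_CACERT in ldap.conf would point at).
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    # Throwaway CA, exported as DER to exercise the conversion path.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.orig.pem" 2>/dev/null || return 1
    openssl x509 -in "$d/ca.orig.pem" -outform DER -out "$d/ca.der" || return 1
    to_pem "$d/ca.der" > "$d/ca.pem" || return 1
    # The same CA issues the server certificate twice: original and renewal.
    for n in old renewed; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.org" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 1
    done
    head -n 1 "$d/ca.pem" | grep -q '^-----BEGIN CERTIFICATE-----$' && p=yes || p=no
    chains_to "$d/ca.pem" "$d/old.pem" && a=ok || a=fail
    chains_to "$d/ca.pem" "$d/renewed.pem" && b=ok || b=fail
    # Trusting the old server certificate itself does not cover the renewal.
    chains_to "$d/old.pem" "$d/renewed.pem" && c=yes || c=no
    rm -rf "$d"
    echo "ca_is_pem=$p old=$a renewed=$b old_cert_trusts_renewed=$c"
}

demo
```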