
Setting certificate file for client



I'm having some trouble using LDAP over TLS/SSL. I'm using
openldap-2.0.23.

The problem is that I can authenticate the server from the clients but
not vice versa. I would like to authenticate the clients, so I put:

TLSVerifyClient         1

(tried using hard, or demand, instead of 1, but this is the only way it
worked). This way I can authenticate only if I have something like:
 
TLS_CACERT      /etc/ssl/certs/cacert.pem
TLS_CERT        /etc/ssl/certs/newcert.pem
TLS_KEY         /etc/ssl/certs/newkey.pem

in .ldaprc, sending the client certificate. The problem seems to be that
there is no way to set things system-wide, and so I cannot authenticate when
using libnss-ldap.

Is there any way I can set a client certificate for system-wide use? I
tried to put the same lines inside ldap.conf, but with no results.

Thanks anyway
Simone
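
An added example, not part of the original post and not OpenLDAP code: a small checker for the client settings quoted above, run once as a per-user .ldaprc and once as the system-wide ldap.conf. It assumes the behaviour documented in ldap.conf(5) of current OpenLDAP releases, where TLS_CERT and TLS_KEY are user-only options that are ignored in the system-wide file; the function names and the key permission check are illustrative.

```python
import os
import stat

# Assumption: as in ldap.conf(5) of current OpenLDAP releases, these are
# "user-only" options, ignored when they appear in the system-wide ldap.conf.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

def parse_options(text):
    """Parse ldap.conf/.ldaprc text into {KEYWORD: value}; keywords are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no option
        fields = line.split(None, 1)
        opts[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return opts

def audit(text, system_wide):
    """Return a list of findings for one client configuration file."""
    opts = parse_options(text)
    findings = []
    if system_wide:
        for name in sorted(USER_ONLY & opts.keys()):
            findings.append(f"{name}: user-only option, ignored in system-wide file")
    if ("TLS_CERT" in opts) != ("TLS_KEY" in opts):
        findings.append("client certificate needs both TLS_CERT and TLS_KEY")
    key = opts.get("TLS_KEY")
    if key and os.path.exists(key):
        # A client private key should be readable by its owner only.
        if os.stat(key).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"TLS_KEY {key}: private key accessible to group/other")
    return findings

# Constructed sample: the three client lines quoted in the post.
SAMPLE = """\
TLS_CACERT      /etc/ssl/certs/cacert.pem
TLS_CERT        /etc/ssl/certs/newcert.pem
TLS_KEY         /etc/ssl/certs/newkey.pem
"""

if __name__ == "__main__":
    for label, system_wide in ((".ldaprc", False), ("ldap.conf", True)):
        print(label, audit(SAMPLE, system_wide) or "ok")
```
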