Re: Sync Replication via TLS/SSL - get bind err
--On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <rumi_ml@rtfm.hu> wrote:

> And at the clients:
>
> tls_cacertfile /etc/ssl/certs/CA.pem
> # tls_cacertdir /etc/ssl/certs
> tls_cert /etc/openldap/ssl/ldap-client.crt
> tls_key /etc/openldap/ssl/ldap-client.key
>
> Is this wrong?

I've run into issues on some platforms, where I had to use the
TLS_CACERTDIR directive in slapd.conf, and then have an x509 hash in the CA
dir. This seems to be related to some issue inside of OpenSSL. As others
have noted, make sure that you can get ldapsearch -ZZ to work first.
[build@build01 zimbra]$ cat .ldaprc
TLS_CACERTDIR /opt/zimbra/conf/ca
[build@build01 ca]$ pwd
/opt/zimbra/conf/ca
[build@build01 ca]$ ls -l
total 8
lrwxrwxrwx 1 root root 6 Dec 18 12:37 3f8945a0.0 -> ca.pem
-rw-r--r-- 1 root root 891 Dec 18 12:37 ca.key
-rw-r--r-- 1 root root 976 Dec 18 12:37 ca.pem
for example.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
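
Added example, not part of the original post or of OpenLDAP: a shell sketch of the hashed CA directory layout shown in the listing above. It creates the `<hash>.N` symlink that OpenSSL looks up in a TLS_CACERTDIR directory and audits the directory for dangling or mismatched links and for private-key files stored alongside the CA certificates. The function names are hypothetical and the `openssl` command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example: maintain an OpenSSL-style hashed CA directory (TLS_CACERTDIR).
# Hypothetical function names. The hash changed in OpenSSL 1.0.0, so create
# links with the OpenSSL version the LDAP client is linked against.

# Print the subject-name hash OpenSSL uses to find a CA file in a directory.
ca_hash() {
    openssl x509 -noout -hash -in "$1" 2>/dev/null
}

# Create <hash>.N -> <cert> next to the certificate and print the link name.
# N starts at 0 and increases only when another CA already owns that name.
link_ca() {
    cert=$1
    dir=$(dirname "$cert")
    base=$(basename "$cert")
    h=$(ca_hash "$cert") || return 1
    n=0
    while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
        if [ "$(readlink "$dir/$h.$n")" = "$base" ]; then
            echo "$h.$n"          # already linked, nothing to do
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$base" "$dir/$h.$n" && echo "$h.$n"
}

# Report entries that break lookups or do not belong in a CA directory.
# Prints one finding per line; returns non-zero if there is any finding.
audit_ca_dir() {
    dir=$1; rc=0
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=$(basename "$f")
        case $name in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                if [ ! -e "$f" ]; then
                    echo "DANGLING $name"; rc=1
                elif [ "$(ca_hash "$f")" != "${name%.*}" ]; then
                    echo "MISMATCH $name"; rc=1
                fi ;;
            *)
                if grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null; then
                    echo "PRIVATE_KEY $name"; rc=1
                fi ;;
        esac
    done
    return $rc
}
```

`openssl rehash DIR` (or the older `c_rehash DIR` script) creates the same links for every certificate in a directory.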