[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS issues when setting olcTLSCACertificateFile to the CA bundle

To: Patrick Hemmer <openldap@stormcloud9.net>
Subject: Re: TLS issues when setting olcTLSCACertificateFile to the CA bundle
From: Bernd May <bernd@net.t-labs.tu-berlin.de>
Date: Sat, 16 Jun 2012 09:31:40 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <4FDBFA5C.7020201@stormcloud9.net>
Organization: TU Berlin - Fachgebiet für Intelligente Netze
References: <4FD76994.2010203@stormcloud9.net> <4FDBFA5C.7020201@stormcloud9.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1

So you problem is, that you have signed your server cert with a CA from
a CA chain and your clients with another CA and you don't want clients
to connect, not signed by your client CA?

This sounds more like a case for ACLs and matching rules, since you
AFAIK you cannot tell ldap to only trust a CA for server cert
verification purposes. A CA is trusted or not.

-- 
Technische Universität Berlin - FGINET

Bernd May

System Administration
An-Institut Deutsche Telekom Laboratories
Sekr. TEL 16
Ernst-Reuter-Platz 7
10587 BERLIN
GERMANY

Mobile: 0160/90257737
E-Mail: bernd@net.t-labs.tu-berlin.de (T-Labs work)
WWW:    net.t-labs.tu-berlin.de

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: TLS issues when setting olcTLSCACertificateFile to the CA bundle
  - From: Patrick Hemmer <openldap@stormcloud9.net>

References:
- TLS issues when setting olcTLSCACertificateFile to the CA bundle
  - From: Patrick Hemmer <openldap@stormcloud9.net>
- Re: TLS issues when setting olcTLSCACertificateFile to the CA bundle
  - From: Patrick Hemmer <openldap@stormcloud9.net>

Prev by Date: Re: TLS issues when setting olcTLSCACertificateFile to the CA bundle
Next by Date: Re: Monitoring 2.3.43?
Index(es):
- Chronological
- Thread