[Date Prev][Date Next]
RE: openldap-2.0/TLS certificate error
At 03:46 PM 6/13/00 -0400, Mark Valence wrote:
>I'm a bit shaky on the client side, maybe someone else has a more
>>How about on the client side? That is, how does
>>a client present certificate to slapd when requested?
>You need to set TLS_KEY in your ldap.conf file to the path to your
>private key file, and TLS_CERT as well. In any case, this option is
>not fully implemented, since the server does not use the identity
>from the certificate.
>>and, how does a client verify server certificate
>That's not implemented yet. When it is, you'll need to have
>TLS_CACERT and TLS_CERT entries in ldap.conf.
BTW, someone needs to go through the ldap.conf/.ldaprc TLS options
(init.c) marking those which are per-user as 'user-only'.