[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: openldap-2.0/TLS certificate error

At 03:46 PM 6/13/00 -0400, Mark Valence wrote:
>I'm a bit shaky on the client side, maybe someone else has a more 
>definitive answer.
>>How about on the client side? That is, how does
>>a client present certificate to slapd when requested?
>You need to set TLS_KEY in your ldap.conf file to the path to your 
>private key file, and TLS_CERT as well.  In any case, this option is 
>not fully implemented, since the server does not use the identity 
>from the certificate.
>>and, how does a client verify server certificate
>>when presented?
>That's not implemented yet.  When it is, you'll need to have 
>TLS_CACERT and TLS_CERT entries in ldap.conf.

BTW, someone needs to go through the ldap.conf/.ldaprc TLS options
(init.c) marking those which are per-user as 'user-only'.