
RE: Connecting Netscape + SSL to OpenLdap 2.0.6



> Seth Ladd wrote:
> >
> > I can successfully connect via SSL when using ldapsearch.  I can also
> > successfully connect to OpenLDAP w/ Netscape w/out using SSL.
> >
> > The errors mention problems w/ the client certificate.  If this really is
> > the client cert from Netscape, I don't know how to change that.
>
> Do not require a client certificate from Netscape in LDAP.  It does not
> send it.  There is nothing you can do to have it send it: the LDAP
> component in Netscape simply does not contain the necessary code.
> At least, that's what I was told in private last year.
>
> IIRC, 'TLSVerifyCLient 0' in slapd.conf is what you need.

Thanks for the tip!  I did put it into my slapd.conf, but I still can't get
Outlook or Netscape to connect correctly.  Based on the previous threads
lately, I don't think I have much of a chance of getting Netscape to connect
correctly via SSL.  But I do have hopes for Outlook.

The error that I get now (after the TLSVerifyClient 0) is:

TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1666

I looked for TLSVerifyClient in the man page, but it is not listed.  I did
find reference to it in config.c.

Has anyone had luck getting Outlook to connect to OpenLDAP via SSL?

Thank you,
Seth