[Date Prev][Date Next]
RE: Connecting Netscape + SSL to OpenLdap 2.0.6
> Seth Ladd wrote:
> > I can successfully connect via SSL when using ldapsearch. I can also
> > successfully connect to OpenLDAP w/ Netscape w/out using SSL.
> > The errors mention problems w/ the client certificate. If this
> really is
> > the client cert from Netscape, I don't know how to change that.
> Do not require a client certificate from Netscape in LDAP. It does not
> send it. There is nothing you can do to have it send it: the LDAP
> component in Netscape simply does not contain the necessary code.
> At least, that's what I was told in private last year.
> IIRC, 'TLSVerifyCLient 0' in slapd.conf is what you need.
Thanks for the tip! I did put it into my slapd.conf, but I still can't get
Outlook or Netscape to connect correctly. Based on the previous threads
lately, I don't think I have much of a change of getting Netscape to connect
correctly via SSL. But I do have hopes for Outlook.
The error that I get now (after the TLSVerifyClient 0) is:
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate s3_srvr.c:1666
I looked for TLSVerifyClient in the man page, but it is not listed. I did
find reference to it in config.c.
Has anyone had luck getting Outlook to connect to OpenLDAP via SSL?