[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Connecting Netscape + SSL to OpenLdap 2.0.6

> Seth Ladd wrote:
> >
> > I can successfully connect via SSL when using ldapsearch.  I can also
> > successfully connect to OpenLDAP w/ Netscape w/out using SSL.
> >
> > The errors mention problems w/ the client certificate.  If this
> really is
> > the client cert from Netscape, I don't know how to change that.
> Do not require a client certificate from Netscape in LDAP.  It does not
> send it.  There is nothing you can do to have it send it: the LDAP
> component in Netscape simply does not contain the necessary code.
> At least, that's what I was told in private last year.
> IIRC, 'TLSVerifyCLient 0' in slapd.conf is what you need.

Thanks for the tip!  I did put it into my slapd.conf, but I still can't get
Outlook or Netscape to connect correctly.  Based on the previous threads
lately, I don't think I have much of a change of getting Netscape to connect
correctly via SSL.  But I do have hopes for Outlook.

The error that I get now (after the TLSVerifyClient 0) is:

TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
return a certificate s3_srvr.c:1666

I looked for TLSVerifyClient in the man page, but it is not listed.  I did
find reference to it in config.c.

Has anyone had luck getting Outlook to connect to OpenLDAP via SSL?

Thank you,