Re: Problems with SASL and TLS



> I have successfully configured SLAPD to use TLS with a self-signed
> certificate. I basically used the openSSL description of creating a
> self-signed certificate for Apache.  However, when I try and connect to
> it with SLURPD it fails.  I verified that it works with other clients
> however.  Is this the idea behind TLS=[critical|yes]?  I don't see how
> SLURPD would accept this certificate.  I did try to use the same
> certificate on both of the servers but this didn't help.  Is this
> correct?

Here are the relevant pieces of what I have in my slapd.conf:

TLSCertificateFile      /etc/openldap/server.pem
TLSCertificateKeyFile   /etc/openldap/server.pem
TLSCACertificateFile    /etc/openldap/server.pem

replogfile /etc/openldap/slurpd.replog
replica host=192.168.1.2:389
        binddn="cn=manager,dc=example,dc=net"
        bindmethod=simple
        credentials=mypasswd
        tls=yes

You should generate the key like this:

# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365

Note: this used to work great for me; however, since I recompiled to use a
non-standard location (--prefix=/opt/openldap-2.0.7-1) I've found that TLS-
based replication does not work, though "ldapsearch -ZZ ..." does work.  I
have yet to find a solution to this.

adam.
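The configuration above points TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile at one server.pem, so that single file has to hold the private key and the certificate, must stay unreadable to other users, and must verify against itself as its own trust anchor. The script below is an added example, not part of the mailing-list post or of OpenLDAP: it runs the post's openssl command form non-interactively and then performs those checks. It assumes the openssl command-line tool is installed, and the scratch directory (WORKDIR) and the CN ldap.example.net are placeholders standing in for /etc/openldap and the real server name.

```shell
#!/bin/sh
# Added example, not from the original post: build the single server.pem
# (key + certificate) the way the post describes, then run the checks that
# slapd and a TLS replica consumer depend on. WORKDIR and HOST are assumed
# placeholders; the real file would live in /etc/openldap as in the post.
set -eu

command -v openssl >/dev/null 2>&1 || { echo "openssl not installed, nothing to check"; exit 0; }

WORKDIR="${WORKDIR:-$(mktemp -d)}"      # assumed scratch directory
PEM="$WORKDIR/server.pem"
HOST="ldap.example.net"                 # assumed server name used as the CN

# Same form as the post's command, made non-interactive with -subj.
# Giving -out and -keyout the same file is fine: openssl req appends the
# certificate after the key instead of truncating the file. The subshell
# umask makes the new file unreadable to group and others from the start.
make_self_signed() {
    (umask 077; openssl req -new -x509 -nodes -days 365 -subj "/CN=$1" \
        -out "$PEM" -keyout "$PEM" 2>/dev/null)
}

# TLSCertificateFile and TLSCertificateKeyFile both point at server.pem,
# so both PEM blocks must be present in it.
pem_has_key_and_cert() {
    grep -q 'BEGIN .*PRIVATE KEY' "$1" && grep -q 'BEGIN CERTIFICATE' "$1"
}

# The file carries the private key, so group and world permission bits
# (columns 5-10 of ls -l output) must all be cleared.
pem_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# TLSCACertificateFile also points at server.pem: the certificate must
# verify with itself as the trust anchor. A TLS client such as slurpd has
# to be able to perform this same verification with the CA file it is given.
pem_self_verifies() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# The private key and the certificate in the file must belong together:
# compare the public key derived from each.
pem_key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

make_self_signed "$HOST"
for check in pem_has_key_and_cert pem_is_private pem_self_verifies pem_key_matches_cert; do
    if "$check" "$PEM"; then echo "ok   $check"; else echo "FAIL $check"; fi
done
```

With a self-signed certificate there is no separate CA, so the certificate is its own trust anchor: whatever CA file the replica side (the slurpd client) is configured with must contain the server's certificate itself, otherwise the TLS handshake fails regardless of whether tls=yes or tls=critical is set on the replica line.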