
RE: SSL client certificate question and bdb_dn2id_matched question



This seems to be a common problem.

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org 
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of 
> Tony Earnshaw
> 
> 
> Mon, 2003-01-13 at 15:01, Bradley Scutvick wrote:
> 
> > I'm new to the exciting world of ldap, I just got SSL working but I
> > still haven't connected completely to the server.

Me too.

> 
> CA, public and private key paths into slapd.conf. Path to 
> private key MUST be readable ONLY by server UID. Path to 
> public key MAY be read by all. Path to CA cert MUST be 
> readable by all.
> 
> If you don't know how to make CA-signed certs, yet have 
> Apache/mod_ssl, use those certs. Likewise FreeS/WAN, but then 
> you know how to, with a vengeance :)
I've read the following advisory. You might tell if this is right. If it
is, this is the answer for Bradley; if it is not, there might be an
answer for me:

I have created the key and the certificate (in one file) with:
openssl req -new -x509 -nodes -days 730 -out ldap.pem -keyout ldap.pem

And I am using this file in slapd.conf as "TLSCertificateFile",
"TLSCertificateKeyFile" and "TLSCACertificateFile".

And what's the problem:
I can query the LDAP server (ldapsearch) from the same host slapd is
running on. I also can reach it with the Java client "LDAP browser/editor"
from another host. However, I cannot reach it from another host using
"ldapsearch". The connection is being cancelled right after it is
established.

The command line I am using to query (on both hosts):
ldapsearch -H ldaps://soma.loge-23.ilm/ -x -b "" -s base -d 255

There is a more complete description of the problem in a message I
posted earlier.

Greetings,
Simon
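Tony's rules (private key readable ONLY by the server UID, CA certificate readable by all) cannot both hold for one combined file like the ldap.pem above, since the same file would have to be both world-readable and owner-only. As an added example that is not code from this thread, the POSIX sh below splits such a combined file into a separate key file and certificate file with the matching permissions; the output file names (ldap-key.pem, ldap-cert.pem) and the placeholder PEM content are assumptions.

```shell
# Added example (not from the thread): separate the combined key+cert file
# that "openssl req ... -out ldap.pem -keyout ldap.pem" produces, so the
# private key can be 0600 while the certificate stays world-readable.
# Assumed output names: ldap-key.pem and ldap-cert.pem.

# split_pem COMBINED KEYFILE CERTFILE
# Copies the PRIVATE KEY block (plain or "RSA PRIVATE KEY") to KEYFILE and
# the CERTIFICATE block to CERTFILE, then applies the permissions Tony
# describes: key readable only by the owner, certificate readable by all.
split_pem() {
    awk '/-----BEGIN .*PRIVATE KEY-----/ { out = "key" }
         /-----BEGIN CERTIFICATE-----/   { out = "crt" }
         out == "key" { print > KEY }
         out == "crt" { print > CRT }
         /-----END /   { out = "" }' KEY="$2" CRT="$3" "$1"
    chmod 600 "$2"
    chmod 644 "$3"
}

# mode_of FILE: symbolic mode string such as -rw------- (portable, no stat).
mode_of() {
    ls -l "$1" | cut -c1-10
}

# key_is_private FILE: succeeds only if nobody but the owner can read it.
key_is_private() {
    case "$(mode_of "$1")" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# make_sample_pem FILE: constructed placeholder standing in for ldap.pem;
# the body lines are NOT real key or certificate material.
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER-KEY-DATA-1
PLACEHOLDER-KEY-DATA-2
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CERT-DATA-1
-----END CERTIFICATE-----
EOF
}

# Self-signed case: the certificate doubles as its own CA, so slapd.conf
# would point TLSCertificateFile and TLSCACertificateFile at ldap-cert.pem
# and TLSCertificateKeyFile at ldap-key.pem.
```

Run `make_sample_pem ldap.pem; split_pem ldap.pem ldap-key.pem ldap-cert.pem` to see the split, and `key_is_private ldap-key.pem` to confirm the key's mode before pointing slapd at it.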