
Re: ldaps access with RedHat 7.3 installation

Was your openldap compiled with the '--with-tls' option?  That's a
requirement.

Why are you giving a number arg to 'TLSVerifyClient'?  It takes a string.
I have seen it given a number arg twice and both were today.  Did something
change recently?  The directive is not needed for TLS operation (only
client authentication), so you can remove it for now.

Some users have been helped with this doc:
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html.  Give it a try.
I have only configured OpenLDAP 2.1.x for TLS.  If 2.0.x is problematic in
that area, I hope someone will chime in and encourage you to upgrade to it.

Cheers,
Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
e-mail:  dksoper@us.ibm.com

Robert Fitzpatrick <robert@webtent.com>
Sent by: owner-openldap-software@OpenLDAP.org
To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
cc:
Subject: ldaps access with RedHat 7.3 installation
08/13/2003 04:00 PM

With the standard installation of OpenLDAP 2.0.27, I have the server up
and running fine. I have set up TLS support in the slapd.conf file and
the service restarts without problem:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/server.cert
TLSCertificateKeyFile /etc/openldap/server.key
TLSCACertificateFile /etc/openldap/demoCA/cacert.pem
TLSVerifyClient 0

The start up script I'm using is the standard one with the RH7.3 distro
which uses the -h option with 'ldap:/// ldaps:///' if it greps the TLS.
However, I cannot access the directory securely using ldaps, only ldap
works from the localhost or another machine on the network. I've seen
two examples of setting this up and I can't seem to find where I'm going
wrong. There are no ACLs set up, yet.

Can someone point me to logs to check or what to look for in solving the
issue?

--
Robert
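The thread asks where to look when slapd starts cleanly but nothing answers on ldaps. The script below is an added example written for this page, not code from the thread or from the OpenLDAP project. It turns the two replies' hints (a slapd built --with-tls, the init script only adding ldaps:/// when it finds TLS directives, cert/key files that slapd can actually load) into checks. The init-script rule (a grep for lines beginning with "TLS"), the /usr/sbin/slapd path and the /etc/openldap paths are assumptions modelled on the Red Hat 7.3 packaging; the config fragment it parses is a constructed copy of the one posted above. The offline checks run anywhere; live_checks needs a real server and is only called by hand.

```shell
#!/bin/sh
# Added troubleshooting helper for an ldaps:// listener that never answers.
# Not part of the thread: the init-script rule and the paths below are
# assumptions modelled on the Red Hat 7.3 OpenLDAP 2.0 packaging.
set -u

# Constructed sample: the TLS fragment posted in the thread, in a temp file.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat >"$SAMPLE_CONF" <<'EOF'
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/server.cert
TLSCertificateKeyFile /etc/openldap/server.key
TLSCACertificateFile /etc/openldap/demoCA/cacert.pem
TLSVerifyClient 0
EOF

# slapd_listeners CONF
# Assumed reconstruction of the RH 7.3 init-script rule: ldaps:/// is added
# to slapd's -h argument only when slapd.conf has a line beginning with "TLS".
slapd_listeners() {
    if grep -q '^TLS' "$1"; then
        echo 'ldap:/// ldaps:///'
    else
        echo 'ldap:///'
    fi
}

# tls_directive CONF NAME: value of the first matching directive, empty if absent.
tls_directive() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# missing_tls_files CONF: report cert/key/CA paths that are unset or unreadable.
# Exit status is the number of problems found. slapd cannot bring up its TLS
# context when any of these files fails to load, and the ldaps listener then
# never appears even though the plain ldap listener works.
missing_tls_files() {
    n=0
    for d in TLSCertificateFile TLSCertificateKeyFile TLSCACertificateFile; do
        f=$(tls_directive "$1" "$d")
        if [ -z "$f" ]; then
            echo "$d is not set"
            n=$((n + 1))
        elif [ ! -r "$f" ]; then
            echo "$d: $f is missing or not readable by this user"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# key_matches_cert KEY CERT: a key that does not belong to the certificate is a
# common reason TLS initialisation fails. Compares the RSA moduli.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# live_checks HOST CACERT: run by hand against the real server; not exercised offline.
live_checks() {
    host=$1; cafile=$2
    # 0. Was slapd built with TLS? A slapd linked against OpenSSL is the usual sign.
    ldd "${SLAPD:-/usr/sbin/slapd}" 2>/dev/null | grep -q libssl \
        || echo "slapd is not linked against OpenSSL: rebuild with --with-tls"
    # 1. Is anything bound to 636? If not, slapd was not started with ldaps:///.
    netstat -ltn 2>/dev/null | grep -q ':636 ' \
        || echo "nothing listening on 636: check the -h argument slapd was started with"
    # 2. Does the TLS handshake complete, independent of LDAP?
    openssl s_client -connect "$host:636" -CAfile "$cafile" </dev/null 2>&1 \
        | grep -E 'Verify return code|error'
    # 3. Anonymous base search over ldaps with client-side debug output;
    #    the client's ldap.conf needs TLS_CACERT pointing at the same CA.
    ldapsearch -x -H "ldaps://$host" -b '' -s base -d 1 '(objectclass=*)' 2>&1 | tail -n 20
    # Server side: instead of the init script, run slapd in the foreground with
    #   slapd -h 'ldap:/// ldaps:///' -d 1
    # and read the TLS initialisation messages it prints at startup.
}

# Offline report on the constructed sample.
echo "init script would start slapd with: -h '$(slapd_listeners "$SAMPLE_CONF")'"
missing_tls_files "$SAMPLE_CONF" || echo "$? TLS file problem(s) to fix before testing ldaps"
```

Run it as-is for the offline report, then `live_checks ldap.example.com /etc/openldap/demoCA/cacert.pem` from a shell on the server. The order matters: a slapd without TLS support or a missing key file will never open port 636, so the handshake and ldapsearch steps only tell you something once the listener exists.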