[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem in start TLS in LDAP

Hi all,

I have followed the steps in the following document.


Step 6 in this document is

6. Make the CA certificate available to your LDAP clients.
If the client is on the same machine, copy cacert.pem to a location accessible by the client. If clients are on other machines, then cacert.pem will have to be copied to those machines and also made accessible.  quoted below:

If the client is on the same machine with the following ldap.conf file,

TLS_CACERT  /usr/local/var/openldap-data/cacert.pem

it is working fine. If I comment out TLS_CACERT directive, the tls connection request is failing.
But If the client is on some other machine, then without the TLS_CACERT directive in that machine's ldap.conf file, the tls connection is succeding. Isn't this not correct? Can someone explain this behaviour?

- Mohan.

Mohana Sundaram K.S.
HCL Technologies