Re: SASL External Mechanism
On Wednesday 31 December 2003 18:37, firstname.lastname@example.org wrote:
> Thanks for your helps. I've double checked my configuration and reread
> the Administrator's Guide. I'm sure I've asserted the client's
> The server's "slapd.conf" file contains:
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSVerifyClient demand
> The client's "ldap.conf" file contains:
> TLS_CERT /etc/ldap/cert.pem
> TLS_KEY /etc/ldap/key.pem
Are these the only TLS-related statements in your server's slapd.conf and your
client's ldap.conf file?
AFAIK TLS requires the server to have a certificate and the client to be able
to check the certificate from the server.
To do this the client needs the CA's certificate.
Thus you need
with appropriate (i.e. signed by your CA) servercert.pem and serverkey.pem
in your server's slapd.conf. The server's key may not be password protected.
On the client side you need
in your ldap.conf.
That's at least how I understand it ;-)
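
A check for the requirements listed in the reply above, as an added example that is not part of the original message: it parses both configuration files and reports what is missing. The directive names TLSCertificateFile, TLSCertificateKeyFile and TLS_CACERT do not appear in the archived message and are OpenLDAP option names assumed here; the sample input is the two fragments quoted in the thread.

```python
import re

# Only TLSCACertificateFile, TLSVerifyClient, TLS_CERT and TLS_KEY appear in the
# thread; the other names are OpenLDAP options assumed for this example.
SERVER_REQUIRED = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")
CLIENT_REQUIRED = ("TLS_CACERT", "TLS_CERT", "TLS_KEY")

def parse_directives(text):
    """Return {lowercased keyword: value} for 'keyword value' lines, skipping comments."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def missing(text, required):
    present = parse_directives(text)
    return [name for name in required if name.lower() not in present]

def key_is_encrypted(pem_text):
    """True if a PEM private key is passphrase protected (PKCS#8 or traditional header)."""
    return ("BEGIN ENCRYPTED PRIVATE KEY" in pem_text
            or re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem_text, re.M) is not None)

def check(slapd_conf, ldap_conf, server_key_pem=None):
    problems = [f"slapd.conf: missing {d}" for d in missing(slapd_conf, SERVER_REQUIRED)]
    problems += [f"ldap.conf: missing {d}" for d in missing(ldap_conf, CLIENT_REQUIRED)]
    if parse_directives(slapd_conf).get("tlsverifyclient", "never").lower() == "never":
        problems.append("slapd.conf: TLSVerifyClient never, no client certificate is requested")
    if server_key_pem is not None and key_is_encrypted(server_key_pem):
        problems.append("server key is password protected")
    return problems

# Constructed sample input: the two fragments quoted in the thread.
SLAPD_CONF = "TLSCACertificateFile /etc/openldap/cacert.pem\nTLSVerifyClient demand\n"
LDAP_CONF = "TLS_CERT /etc/ldap/cert.pem\nTLS_KEY /etc/ldap/key.pem\n"

if __name__ == "__main__":
    for problem in check(SLAPD_CONF, LDAP_CONF):
        print(problem)
```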