Re: TLS does not work properly.

Quoting Oliver Hoffmann <oliver.hoffmann@uw-service.de>:

> Encryption seems to work halfway now. These are the new problems.
> A search from a local user shows:
> bash-2.05b$ ldapsearch -v -n -Z -b 'dc=testldap,dc=org'

Try double Z's (ldapsearch -ZZ) instead. If there's something
wrong, ldapsearch will fail. In your case, it will continue
even if there's something wrong...

> The user's ldaprc:
> # Override global directive (if set)
> TLS_REQCERT demand
> # client authentication
> TLS_CERT /home/admin/ldap.client.pem
> TLS_KEY /home/admin/ldap.client.key.pem

The client needs to know about the CA cert. Either in the
global LDAP client config or the user ldaprc.

----- s n i p -----
ida:~# grep TLS /etc/ldap/ldap.conf
TLS_CACERT      /etc/ldap/cacert.pem
----- s n i p -----
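As an added example (not part of this thread), a small POSIX shell check for the problem the reply points at: it merges the TLS_* directives from the global ldap.conf and the user's ldaprc and reports when TLS_REQCERT demand has no CA certificate configured, which is exactly what makes ldapsearch -ZZ fail. The config paths are arguments and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: merge the OpenLDAP client TLS
# directives from the global ldap.conf and a user's ldaprc (the user file
# overrides the global one, per ldap.conf(5)) and flag the case discussed above:
# TLS_REQCERT demand with no CA certificate for the client to verify against.
# Print one directive's value from a config file: comments ignored, last
# occurrence wins, nothing printed if the directive is absent or file unreadable.
tls_directive() {  # $1 = directive name (upper case), $2 = config file
    [ -r "$2" ] || return 0
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == key { val = $2 }
        END { if (val != "") print val }' "$2"
}

# Effective value of a directive: the user ldaprc first, then global ldap.conf.
effective() {  # $1 = directive, $2 = global file, $3 = user file
    v=$(tls_directive "$1" "$3")
    [ -n "$v" ] || v=$(tls_directive "$1" "$2")
    printf '%s\n' "$v"
}

# Exit 0 when the client can verify the server certificate, 1 when verification
# is demanded but no TLS_CACERT/TLS_CACERTDIR is set, 2 when the CA file is unreadable.
check_tls_client() {  # $1 = global ldap.conf, $2 = user ldaprc
    reqcert=$(effective TLS_REQCERT "$1" "$2")
    [ -n "$reqcert" ] || reqcert=demand          # OpenLDAP's default level
    cacert=$(effective TLS_CACERT "$1" "$2")
    cadir=$(effective TLS_CACERTDIR "$1" "$2")
    case "$reqcert" in
        never|allow) return 0 ;;                 # server cert is not checked
    esac
    if [ -z "$cacert" ] && [ -z "$cadir" ]; then
        echo "TLS_REQCERT $reqcert but no TLS_CACERT/TLS_CACERTDIR: ldapsearch -ZZ will fail" >&2
        return 1
    fi
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "TLS_CACERT $cacert is not readable" >&2
        return 2
    fi
    return 0
}

# Demo on constructed files: the ldaprc from the thread, with and without a global CA cert.
tmp=$(mktemp -d)
printf 'TLS_REQCERT demand\nTLS_CERT /home/admin/ldap.client.pem\n' > "$tmp/ldaprc"
printf 'TLS_CACERT %s/cacert.pem\n' "$tmp" > "$tmp/ldap.conf"; : > "$tmp/cacert.pem"
check_tls_client "$tmp/ldap.conf" "$tmp/ldaprc" && echo "ok: CA cert configured"
check_tls_client /dev/null "$tmp/ldaprc" || echo "exit $?: add TLS_CACERT to ldap.conf or ldaprc"
```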