Re: Trying to get TLS Working
On Sep 27, 2004, at 4:59 PM, David Wheeler wrote:
> Also, you didn't mention whether you've configured your ldap.conf
> properly. I will assume since you didn't mention it that you haven't
> configured it, and this obviously must be done first.
Quite so. I hadn't even noticed it. I only saw instructions for
editing an ldap.conf used by pam and nis, neither of which I'm using
at this point. I'll take a look at its man page and see what it says.
This did the trick. I added a pointer to my CA cert to ldap.conf, and
then it said:
additional info: TLS: hostname does not match CN in peer
Well, I'm used to that from creating self-signed certs for Apache. So I
created a new server cert with the CN set to the hostname of my LDAP
server, and now ldapsearch -ZZ works beautifully!
I did notice that it tends to have this complaint:
ldap_start_tls: Operations error (1)
additional info: TLS already started
When I specify "ldaps://ldap.ecample.com/" for the URL in ldap.conf.
That seems rather odd, but it goes away when I change it to "ldap://".
Oh, and mod_auth_ldap seems to be working over SSL now, though there I
*do* specify ldaps://.
Anyway, thanks for the hint about ldap.conf. That was exactly what I
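The two failures reported in this message (the CN/hostname mismatch, and "TLS already started" when an ldaps:// URI is combined with -ZZ) can be predicted from the client-side ldap.conf before running ldapsearch. The following script is an added example and is not part of the original thread or of OpenLDAP: it parses a constructed sample ldap.conf, works out which TLS mode the client will use, and checks the connect hostname against a certificate CN supplied by the caller. The hostname matching is a simplified assumption (case-insensitive exact match plus a single-label `*.` wildcard, ignoring subjectAltName), and the file contents and hostnames are constructed values.

```python
"""Predict the TLS failure modes from the mail for a given ldap.conf.

Added example, not code from the original message or from OpenLDAP.
The ldap.conf text and certificate subjects are constructed samples.
"""
from urllib.parse import urlsplit

# Constructed sample ldap.conf, as it looks after the fix described in the
# mail: TLS_CACERT points at the CA that signed the server certificate.
SAMPLE_LDAP_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
BASE         dc=example,dc=com
URI          ldaps://ldap.example.com/
TLS_CACERT   /etc/openldap/cacert.pem
TLS_REQCERT  demand
"""


def parse_ldap_conf(text):
    """Return a dict of DIRECTIVE -> value; later lines override earlier ones."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].upper()] = parts[1].strip()
    return conf


def hostname_matches_cn(hostname, cn):
    """Simplified hostname check (assumption: exact match, case-insensitive,
    or a '*.' wildcard covering exactly one leading label; subjectAltName
    is not considered here)."""
    hostname = hostname.lower().rstrip(".")
    cn = cn.lower().rstrip(".")
    if cn.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == cn[2:]
    return hostname == cn


def diagnose(conf_text, start_tls_flag, server_cert_cn):
    """Return a list of problems expected for `ldapsearch` with this config.

    start_tls_flag mirrors passing -ZZ on the command line. An empty list
    means TLS should be negotiated once, with a verifiable peer certificate
    whose CN matches the host in the URI.
    """
    conf = parse_ldap_conf(conf_text)
    problems = []
    # ldap.conf allows several space-separated URIs; inspect the first.
    uri = conf.get("URI", "ldap://localhost/").split()[0]
    parts = urlsplit(uri)
    scheme, host = parts.scheme, parts.hostname or ""

    if "TLS_CACERT" not in conf and "TLS_CACERTDIR" not in conf:
        problems.append("no TLS_CACERT/TLS_CACERTDIR: peer certificate "
                        "cannot be verified")
    if scheme == "ldaps" and start_tls_flag:
        # The session is already TLS; StartTLS on top of it is refused.
        problems.append("TLS already started: ldaps:// URI combined with -ZZ")
    if scheme == "ldap" and not start_tls_flag:
        problems.append("no TLS at all: plain ldap:// without -Z/-ZZ")
    if not hostname_matches_cn(host, server_cert_cn):
        problems.append("TLS: hostname does not match CN in peer "
                        f"({host!r} vs {server_cert_cn!r})")
    return problems


if __name__ == "__main__":
    for flag in (False, True):
        print("-ZZ" if flag else "no -ZZ", diagnose(SAMPLE_LDAP_CONF, flag,
                                                     "ldap.example.com"))
```

Run it as-is to see that the ldaps:// configuration only misbehaves when -ZZ is added; swap the URI to ldap:// and the -ZZ invocation becomes the clean one, which matches the behaviour reported above.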