[Date Prev][Date Next] [Chronological] [Thread] [Top]

Add SSL/TLS to OpenLDAP but some web-app works incorrect.

Hi all;

I am newbie here, sorry for the so stupid question. I have a OpenLDAP-2.1.30-r3 installation on my gentoo box followed by openldap administrator guide in http://www.openldap.org. And non-SSL/TLS it works so well.
I have added SSL/TLS support to it follow the manual http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html step by step, except the client cert. After that i fould that it could works correctly in localhost with some app such as jxplorer, ldapbrowser, egroupware. but phpldapadmin could not work anywhere. It will received the follow messages:

Could not start TLS. Please check your LDAP server configuration.

In other machine i use the command

ldapsearch -x -b "dc=example,dc=com" -H "ldaps://myldapdomain"
It will received the correct result.

But it could not work with egroupware in remote machine.

I have searched the web and fould that the client should received the server cert, but i didn't know how to configure it. could someone pick me up?

The follow is some of my configuration.


TLSCertificateFile /etc/openldap/myca/servercrt.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient never


BASE    dc=example, dc=com
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_REQCERT     never
TLS_CERT        /etc/openldap/myca/servercrt.pem
TLS_KEY         /etc/openldap/myca/serverkey.pem

Thank you in advance!

Wang Penghui