[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLSVerifyClient demand

On Sunday 28 November 2004 00:11, Robert Fitzpatrick wrote:
> I have all the TLS working well, but if I set the slapd.conf file on the
> server to TLSVerifyClient to demand, my SuSE workstation will not find
> users and groups in LDAP. However, I can login as root and do a 
> ldapsearch -x -Z and works fine. Does this mean SuSE is not sending a
> certificate? 
Did you configure nss/pam_ldap to send client certificates? For how to do that 
please have a look at /etc/ldap.conf. The settings in /etc/openldap/ldap.conf 
and .ldaprc don't have an effect on nss_ldap/pam_ldap.
Note: This is slightly off topic here, as nss_ldap/pam_ldap configuration is 
not a topic of this list. The pam_ldap/nss_ldap lists on PADL.com might be a 
better forum to discuss this.

> If so, is there a way to make the machine use one 
> considering PAM and LDAP? Sure enough, if I relax the TLSVerifyClient in
> slapd.conf to try, then all works fine.

Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com