
Re: SSL/TLS problem



On Tue, 24 May 2005, Arnaud Fontaine wrote:

[cut]

I added these lines to /etc/ldap/slapd.conf :
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand

Above, you are telling slapd to demand a certificate from your LDAP client and terminate the session immediately if the client fails to provide one. If this is intended, provide your client with an appropriate certificate and add an appropriate TLS_CERT option to your ldap.conf(5). If not intended, you should remove this line.

TLSCACertificateFile    /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile      /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile   /etc/ldap/cfg/ssl/serverkey.pem

And these lines to /etc/ldap/ldap.conf :
TLS_CACERT      /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT     demand

[cut]

--
  Kirk Turner-Rustin       | Programmer/Analyst
  Ohio Wesleyan University | Libraries and Information Services
  http://www.owu.edu       | http://lis.owu.edu
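
Added example, not part of the original message: a small Python check for the mismatch discussed in this thread, where slapd.conf sets TLSVerifyClient to a level that requires a client certificate while the client configuration names none. The sample configs are constructed from the lines quoted above, and the function names are hypothetical.

```python
# Added example. Configs are constructed from the lines quoted in this thread.
SLAPD_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand
TLSCACertificateFile    /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile      /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile   /etc/ldap/cfg/ssl/serverkey.pem
"""
LDAP_CONF = """\
TLS_CACERT      /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT     demand
"""

# slapd.conf(5): these three values are equivalent; the session is
# terminated if the client sends no certificate or a bad one.
CERT_REQUIRED = {"demand", "hard", "true"}


def parse_directives(text):
    """Map lowercased keyword -> value, skipping blanks and # comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0].lower()] = parts[1] if len(parts) == 2 else ""
    return directives


def check_client_cert(slapd_text, client_text):
    """Return findings when slapd demands a client cert the client lacks.

    client_text is the combined client config: ldap.conf plus the user's
    ldaprc, since ldap.conf(5) lists TLS_CERT and TLS_KEY as user-only.
    """
    server = parse_directives(slapd_text)
    client = parse_directives(client_text)
    level = server.get("tlsverifyclient", "never").lower()  # default: never
    if level not in CERT_REQUIRED:
        return []
    return [
        f"TLSVerifyClient {level}: client config has no {opt}"
        for opt in ("TLS_CERT", "TLS_KEY")
        if opt.lower() not in client
    ]


if __name__ == "__main__":
    for finding in check_client_cert(SLAPD_CONF, LDAP_CONF):
        print(finding)
```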