[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP client TLS configuration

Dan O'Reilly wrote:
At 01:48 PM 9/21/2006, Kurt D. Zeilenga wrote:
At 12:00 PM 9/21/2006, Dan O'Reilly wrote:
>I'm trying to get an OpenLDAP client to use TLS to talk to (non-OpenLDAP) LDAP server. This LDAP server is properly configured for TLS (as verified by other (non-OpenLDAP) LDAP clients).

Verify the server is configured properly for LDAP over TLS (ldaps://)
using the OpenSSL s_client program (with certificate verification

Well, I guess the specific question I would have here is "what certificates/keys/etc are even required for this?". When setting up the LDAP server I was told by the people who supply it that I would need only a trusted root certificate from the LDAP server to do authentication, but I was also told by another person at that company that I would need more than just that one certificate. What specifically would LDAP need? I suspect my problem isn't really so much one of a misconfigured server so much as not having all the necessary certs and/or keys available, that sort of thing.

See the Admin Guide, it's all spelled out there. http://www.openldap.org/doc/admin23/tls.html

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/