Re: openldap proxy: schema issue
"email@example.com" <firstname.lastname@example.org> writes:
> Thanks for your help.
> Now I'm trying to get an ldaps connection with the backend LDAP server.
> I want my OpenLDAP proxy to check the backend certificate with the CA
> certificate that I put after TLSCACertificateFile.
> The issue is that the ldaps connection works every time without checking the
> backend server certificate.
> The configuration line with TLSCACertificateFile has no effect on the SSL
> connection!
> I saw that TLSVerifyClient makes it possible to force the certificate check of
> the client connecting to my OpenLDAP proxy, but I don't see how to force the
> OpenLDAP proxy to check the backend server certificate.
In this particular case back-ldap acts as a client, thus client-specific
configurations are read from ldap.conf.
> Then, I had 2 .cer CA certificates (a root and an intermediate) that I
> concatenated into 1 certificate. Does OpenLDAP support .cer? Or should I
> rename it to .pem?
OpenLDAP only supports PEM format.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
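
Added example (not part of the original thread or of OpenLDAP): a .cer file may hold either PEM text or binary DER, and binary files concatenated back to back are not a PEM bundle, so this Python sketch detects the encoding of each input and emits one PEM bundle. The function names and the sample bytes are constructed for illustration; the result is the kind of file a TLS_CACERT line in ldap.conf would point at.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def split_der(data: bytes) -> list[bytes]:
    """Split back-to-back DER certificates using each SEQUENCE's length."""
    certs = []
    while data:
        if len(data) < 2 or data[0] != 0x30:
            raise ValueError("not DER: missing ASN.1 SEQUENCE tag")
        if data[1] < 0x80:                  # short form: length in one byte
            header, body = 2, data[1]
        else:                               # long form: next n bytes hold it
            n = data[1] & 0x7F
            if n == 0 or len(data) < 2 + n:
                raise ValueError("unsupported or truncated DER length")
            header, body = 2 + n, int.from_bytes(data[2:2 + n], "big")
        end = header + body
        if end > len(data):
            raise ValueError("truncated DER certificate")
        certs.append(data[:end])
        data = data[end:]
    return certs


def to_pem_bundle(*files: bytes) -> str:
    """Turn file contents (PEM text or binary DER) into one PEM bundle."""
    ders = []
    for data in files:
        blocks = PEM_BLOCK.findall(data)
        if blocks:                          # already PEM text: decode it
            ders += [ssl.PEM_cert_to_DER_cert(b.decode("ascii")) for b in blocks]
        else:                               # binary, possibly concatenated
            ders += split_der(data)
    return "".join(ssl.DER_cert_to_PEM_cert(d) for d in ders)


if __name__ == "__main__":
    # Constructed stand-ins with valid DER framing, not real certificates.
    root = b"\x30\x03\x02\x01\x01"
    intermediate = b"\x30\x81\x80" + bytes(128)
    print(to_pem_bundle(root + intermediate), end="")
```

The sample bytes only exercise the encoding handling; with real CA files, pass each file's contents read in binary mode.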