[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client auth to slapd TLS issues

Philip Bellino wrote:
Running openldap -2-3-32 with SLAPD on a linux server.
Also running openldap-2-3.32 on a linux client.

slapd.conf includes:

TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/newkey.pem
TLSVerifyClient never (or allow)

Issue1: Here is the debug output from the openldap code if the ldap.conf file has the following in it when I try authentication:

TLS_CACERT cacert.pem
TLS_CACERTDIR /usr/local/etc/openldap/

All of the TLS cert-related directives take fully qualified pathnames. There is no relation between TLS_CACERT and TLS_CACERTDIR, just put the full path the cacert.pem in TLS_CACERT. Read the Admin Guide, Chapter 12.

Can anyone tell me why I get this error?

Any help would be most appreciated.
Phil Bellino
============================ Phil Bellino MRV Communications, Inc. Boston Product Division 295 Foster St. Littleton,MA 01460 Tel: (978)952-4807 Email: pbellino@mrv.com ============================

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/