
Re: Sync Replication via TLS/SSL - get bind err

--On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <rumi_ml@rtfm.hu> wrote:
And at the clients:

tls_cacertfile /etc/ssl/certs/CA.pem
# tls_cacertdir /etc/ssl/certs
tls_cert /etc/openldap/ssl/ldap-client.crt
tls_key /etc/openldap/ssl/ldap-client.key

Is this wrong?

I've run into issues on some platforms, where I had to use the TLS_CACERTDIR directive in slapd.conf, and then have an x509 hash in the ca dir. This seems to be related to some issue inside of OpenSSL. As others have noted, make sure that you can get ldapsearch -ZZ to work first.

[build@build01 zimbra]$ cat .ldaprc
TLS_CACERTDIR /opt/zimbra/conf/ca

[build@build01 ca]$ pwd
/opt/zimbra/conf/ca
[build@build01 ca]$ ls -l
total 8
lrwxrwxrwx 1 root root 6 Dec 18 12:37 3f8945a0.0 -> ca.pem
-rw-r--r-- 1 root root 891 Dec 18 12:37 ca.key
-rw-r--r-- 1 root root 976 Dec 18 12:37 ca.pem

for example.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
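
The hash-named link shown in the listing above can be checked or created with a short script. This is an added example, not part of the original message or of OpenLDAP or Zimbra; it assumes the openssl command is on PATH and that CA files end in .pem or .crt, and the function names are its own.

```sh
#!/bin/sh
# Added example: audit an OpenSSL-style CA directory (a TLS_CACERTDIR target).
# OpenSSL finds a CA there only under the name <subject-hash>.<n>, so a
# certificate without such a link is never used, whatever the file is called.

# fingerprint FILE: SHA-256 fingerprint, or nothing if FILE is not a certificate
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null || true
}

# check_cacertdir DIR [fix]
# Prints one line per finding; with "fix", creates the missing hash links.
# Returns 0 when every certificate is reachable by hash, 1 otherwise.
check_cacertdir() {
    dir=$1; fix=${2:-}; rc=0
    for pem in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$pem" ] && [ ! -L "$pem" ] || continue
        fp=$(fingerprint "$pem")
        if [ -z "$fp" ]; then echo "SKIP ${pem##*/} (not a certificate)"; continue; fi
        shash=$(openssl x509 -in "$pem" -noout -hash)
        n=0; found=
        # Certificates that share a subject hash are stored as .0, .1, ...
        while [ -e "$dir/$shash.$n" ] || [ -L "$dir/$shash.$n" ]; do
            if [ "$(fingerprint "$dir/$shash.$n")" = "$fp" ]; then found=yes; break; fi
            n=$((n + 1))
        done
        if [ -n "$found" ]; then
            echo "OK $shash.$n -> ${pem##*/}"
        elif [ "$fix" = fix ] && ( cd "$dir" && ln -s "${pem##*/}" "$shash.$n" ); then
            echo "LINKED $shash.$n -> ${pem##*/}"
        else
            echo "MISSING $shash.$n for ${pem##*/}"; rc=1
        fi
    done
    # The directory is read by every TLS client, so flag private keys kept in it.
    for f in "$dir"/*; do
        if [ -f "$f" ] && grep -q 'PRIVATE KEY-----' "$f"; then
            echo "WARN ${f##*/} holds a private key"
        fi
    done
    return $rc
}
```

The hash is the one the installed OpenSSL computes; OpenSSL 1.0.0 changed the subject-hash algorithm (the earlier value is available as -subject_hash_old), so a directory hashed by an older release can report MISSING and need relinking.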