|I got my configuration working|
I have a ca.crt (a root cert from CAcert.org, you could create your own ca.crt)
I have a server.key
I have a server.crt (signed by ca.crt)
all setup in the slapd.conf file
I have ca.crt setup in the ldap.conf file on the slave
I happen to have TLS_VERIFY NEVER set, but I'm not sure that matters.
I also have TLS_REQCERT ALLOW set, but because of above it's not used in the ldap.conf
I've set this up on Fedora, MDK, and OpenSolaris.
On Dec 21, 2007, at 12:19 PM, Quanah Gibson-Mount wrote:
--On December 21, 2007 9:07:20 AM -0800 Quanah Gibson-Mount
> --On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <email@example.com>
>> And at the clients:
>> tls_cacertfile /etc/ssl/certs/CA.pem
>># tls_cacertdir /etc/ssl/certs
>> tls_cert /etc/openldap/ssl/ldap-client.crt
>> tls_key /etc/openldap/ssl/ldap-client.key
>> Is this wrong?
> I've run into issues on some platforms, where I had to use the
> TLS_CACERTDIR directive in slapd.conf
Err, in ldap.conf or .ldaprc, I mean. ;)
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
Chris G. Sellers | NITLE Technology