ldap + ssl confusion
Good Morning,
I need some help understanding why things are the way they are.
All nodes run
slapd 2.3.34
slurpd 2.3.34
on Fedora 7
All nodes' keys are self authenticated, i.e. links to from hash.

!!The Problem!!
ldapsearch works to NodeB server, iff NodeB_key is present on NodeA
slurpd works to NodeB server, iff NodeB_key is present on NodeA

Node A - ldap master/client
/etc/ldap/cacerts/NodeA_pub.pem
/etc/ldap/cacerts/NodeB_pub.pem
/etc/pki/tls/certs/NodeA_key.pem
ldapsearch works to NodeA ldap server.
/etc/pki/tls/certs/NodeB_key.pem <--Why is this required?
ldapsearch works to NodeB server, iff NodeB_key is present on NodeA
slurpd works to NodeB server, iff NodeB_key is present on NodeA

Node B - ldap slave/client
/etc/ldap/cacerts/NodeA_pub.pem
/etc/ldap/cacerts/NodeB_pub.pem
/etc/pki/tls/certs/NodeB_key.pem
ldapsearch works to all ldap servers.

Node C - ldap client
/etc/ldap/cacerts/NodeA_pub.pem
/etc/ldap/cacerts/NodeB_pub.pem
No Keys present
ldapsearch works to all ldap servers.

More details can be provided.
--
Steve Pribyl
Infrastructure Practitioner
Peel, Inc
990 Grove St. Suite 204
Evanston, IL 60201
Phone: 847-424-0954 ex 14
Cell: 847-434-2349
Fax: 847-424-0986
spribyl@peel.com