
Re: Client says Can't contact LDAP server, but it can!

--On Monday, July 28, 2008 12:44 PM -0700 John Oliver <joliver@john-oliver.net> wrote:

I do appreciate all of the help, and apologize if I seem dense.  I know
that the root cause is my lack of knowledge here.  I'm reading as fast
as I can, but an awful lot of this documentation assumes a lot of
things.  I've never worked with SSL before, and my eyes are rolling back
in my head :-)  On top of that, I have people breathing down the back of
my neck to make this work on a short deadline.  Very frustrating :-(

You continue to do things incorrectly, and be unhappy when they don't work because of it. Again, to set up your LDAP servers *correctly* with SSL/TLS, you will need to create your own CA and sign your certs with it, or order commercial certs, and install their CA. Period. Can you do a single server easily the way you've done things? Yes, but it is still broken. Can you do *multiple* servers the way you've done it, easily? No, you cannot. Take the time to do it right. If you'd simply done that from when I first emailed you on 7/24, you'd be 4 days further ahead of where you are now.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
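
The setup recommended in the reply above (one CA that signs every server's certificate), sketched with the openssl CLI as an added example; it is not part of the original message. The hostnames, subject names and file names are constructed placeholders.

```shell
#!/bin/sh
# Added illustration: one private CA signs certs for several LDAP servers.
# Hostnames, subject names and file names are constructed placeholders.

make_ca() {    # $1 = working directory
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example LDAP CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -config "$1/req.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {    # $1 = working directory, $2 = server hostname
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > "$1/$2.ext" &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

self_signed() {    # $1 = working directory, $2 = hostname; the per-server shortcut
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$1/req.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

trusts() {    # $1 = CA file, $2 = cert; status 0 only if the cert chains to the CA
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

dir=$(mktemp -d)
make_ca "$dir"
for host in ldap1.example.com ldap2.example.com; do
    issue_cert "$dir" "$host"
    trusts "$dir/ca.crt" "$dir/$host.crt" && echo "$host: trusted via ca.crt"
done
self_signed "$dir" ldap3.example.com
trusts "$dir/ca.crt" "$dir/ldap3.example.com.crt" || echo "ldap3: not trusted by ca.crt"
rm -rf "$dir"
```

Clients then need only ca.crt in their trust store (for OpenLDAP clients, the TLS_CACERT setting in ldap.conf), however many servers are added.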