Re: Solaris 10 native Client with TLS to OpenLDAP



Thanks for your reply Dieter.

On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
> John Gee <john@kleinfeld.ch> writes:
> 
> > -( solaris 10 - client )----
> >
[...]
> > # list cert-db
> >   certutil -L -d /var/ldap
> >   ca-cert                                                    CT,,
> >   ldap02.kleinfeld.ch                                        C,,
> >   ldap01.kleinfeld.ch                                        C,,
> 
> The server presents the server certificate (ldap01.kleinfeld.ch),
> the ldap client presents the CA but the server expects a client
> certificate. Change slapd.conf not to verify a client certificate.

Well, I already have a "TLSVerifyClient never" entry in slapd.conf.
I think there must be an option on the client side (Solaris 10 native
client). When using the OpenLDAP client with the following options in
ldap.conf it works (but not with the native client):
TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_REQCERT never

- John