Re: TLSVerifyClient => no login possible
Sebastian Reinhardt <firstname.lastname@example.org> writes:
> I have configured an openSUSE 11.0 (x86_64) with openldap-server. Also
> the TLS is activated. All clients are set to "TLS_REQCERT demand"
> and is working.
> Then I created client certificates by using the server's Yast2 CA-
> management. I copied the client certificates and also the server's
> "cacert" into the "/etc/openldap/" directory on client computer. With
> "TLSVerifyClient allow" clients can login, but if I activate the
> "TLSVerifyClient demand" option in server's slapd.conf no user can
> perform a login and it causes errors in /var/log/messages:
> What is wrong? The client's certificate "common name" is set to the
> client's hostname. Is this ok?
Clients don't read slapd.conf(5) but only ldap.conf(5). Run slapd with
debug level 3 to analyse the TLS session.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
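
Added example, not part of the original messages: a shell check of the client-side ldap.conf(5) settings that a server running "TLSVerifyClient demand" depends on. It relies on ldap.conf(5) marking TLS_CERT and TLS_KEY as user-only options (ignored in the system-wide file); the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Print the last value set for an option in an ldap.conf(5)-style file.
# Option names are case-insensitive; lines starting with '#' are comments.
ldap_opt() {  # usage: ldap_opt FILE OPTION
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(want) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Report whether FILE can supply a client certificate.
# SCOPE is "system" (e.g. /etc/openldap/ldap.conf) or "user" (ldaprc, ~/.ldaprc).
# Returns 0 if both TLS_CERT and TLS_KEY are usable, 1 otherwise.
check_client_tls() {  # usage: check_client_tls FILE SCOPE
    file=$1 scope=$2 status=0
    cacert=$(ldap_opt "$file" TLS_CACERT)
    cert=$(ldap_opt "$file" TLS_CERT)
    key=$(ldap_opt "$file" TLS_KEY)
    [ -n "$cacert" ] || echo "note: no TLS_CACERT in $file"
    for pair in "TLS_CERT=$cert" "TLS_KEY=$key"; do
        name=${pair%%=*} value=${pair#*=}
        if [ -z "$value" ]; then
            echo "missing: $name not set in $file"; status=1
        elif [ "$scope" = system ]; then
            # ldap.conf(5): TLS_CERT and TLS_KEY are user-only options
            echo "ignored: $name is user-only, not read from $file"; status=1
        else
            echo "ok: $name $value"
        fi
    done
    return $status
}

# Constructed sample: a system-wide file that holds the client cert settings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TLS_CACERT  /etc/openldap/cacert.pem
TLS_REQCERT demand
TLS_CERT    /etc/openldap/client.pem
TLS_KEY     /etc/openldap/client.key
EOF
check_client_tls "$sample" system || echo "client cannot present a certificate"
rm -f "$sample"
```

Run it against the real client files with the matching scope, then compare the result with what slapd logs at debug level 3 during the handshake.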