[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLSVerifyClient => no login possible

Dieter Kluenter schrieb:
> Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:
>> Sorry, please forget everything I wrote in my last mail....stop! Not
>> everithing! Delte the "partial"!
>> IT WORKS! I can login at both, "real" client pc and as client on server
>> machine! Everithing is set to demand and the test (ldapsearch and login)
>> works. So only the one point is left: the LDAP- Workshop (Stefan Kania's
>> one) uses the "TLSCipherSuite HIGH:MEDIUM:+SSLv2" option. If I activate
>> this in slapd.conf, ldap can not be started. Why? I do not know, because
>> I get no output.
> In order to find out run
> openssl ciphers SSLv2
> openssl ciphers HIGH
> openssl ciphers MEDIUM
> -Dieter

Hi Dieter,
I get the following output:

lmvserver:~ #openssl ciphers SSLv2

lmvserver:~ # openssl ciphers MEDIUM

lmvserver:~ # openssl ciphers HIGH

So I think, this should work?! SSLv3 is also available. Is it better to
use  "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?

Oh, I had not posted the solution of my major problem: I mixed ip's and
host names (in /etc/ldap.conf I used ip's and in certificates host
names). Due to the comment in /etc/ldap.conf "the LDAP- Server must be
resolveable without ldap" I thought that it is better to use the ip of
our server. Also, I used as common name instead of servers host name the
client name (in every client cert the according client host name). So
this could not work......I was a little bit confused of configuring
multiple ldap.conf- file, but thanks to Dieter the server is up and running.

Mit freundlichen GrÃÃen

Sebastian Reinhardt