[Date Prev][Date Next]
Re: TLSVerifyClient => no login possible
Dieter Kluenter schrieb:
> Sebastian Reinhardt <email@example.com> writes:
>> Sorry, please forget everything I wrote in my last mail....stop! Not
>> everithing! Delte the "partial"!
>> IT WORKS! I can login at both, "real" client pc and as client on server
>> machine! Everithing is set to demand and the test (ldapsearch and login)
>> works. So only the one point is left: the LDAP- Workshop (Stefan Kania's
>> one) uses the "TLSCipherSuite HIGH:MEDIUM:+SSLv2" option. If I activate
>> this in slapd.conf, ldap can not be started. Why? I do not know, because
>> I get no output.
> In order to find out run
> openssl ciphers SSLv2
> openssl ciphers HIGH
> openssl ciphers MEDIUM
I get the following output:
lmvserver:~ #openssl ciphers SSLv2
lmvserver:~ # openssl ciphers MEDIUM
lmvserver:~ # openssl ciphers HIGH
So I think, this should work?! SSLv3 is also available. Is it better to
use "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?
Oh, I had not posted the solution of my major problem: I mixed ip's and
host names (in /etc/ldap.conf I used ip's and in certificates host
names). Due to the comment in /etc/ldap.conf "the LDAP- Server must be
resolveable without ldap" I thought that it is better to use the ip of
our server. Also, I used as common name instead of servers host name the
client name (in every client cert the according client host name). So
this could not work......I was a little bit confused of configuring
multiple ldap.conf- file, but thanks to Dieter the server is up and running.
Mit freundlichen GrÃÃen