[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with SSL

there are 2 possible solutions.
1st: each client need the correct cert that he can connect.
2nd: if you wanna use ist like "ssl webpages", you need to set this in
(disables client cert checking)

TLSVerifyClient never


Am 04.12.2009 11:16, schrieb Chamith Kumarage:
> Hi Folks,
> I have setup openldap with SSL and i'm using self signed certs. I have
> included the following in my slapd.conf.
> TLSCACertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateKeyFile /etc/ldap/ssl/server.pem
> TLSVerifyClient demand
> and in my ldap.conf I have;
> HOST <my_ip>
> PORT 636
> TLS_REQCERT /etc/ldap/ssl/server.pem
> When I start the service, I see port 636 is up and I can even telnet to
> it. But I cannot perform any ldap operations there.
> Any help would be appreciated!
> Thanks,
> ~Chamith