
Re: OpenLDAP with SSL



Hi,
There are 2 possible solutions.
1st: each client needs the correct cert so that it can connect.
2nd: if you want to use it like "ssl webpages", you need to set this in
slapd.conf
(disables client cert checking)

TLSVerifyClient never

regards

On 04.12.2009 11:16, Chamith Kumarage wrote:
> Hi Folks,
>
> I have set up openldap with SSL and I'm using self signed certs. I have
> included the following in my slapd.conf.
>
> TLSCipherSuite HIGH:MEDIUM:-SSLv2
> TLSCACertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateKeyFile /etc/ldap/ssl/server.pem
> TLSVerifyClient demand
>
> and in my ldap.conf I have;
>
> HOST <my_ip>
> PORT 636
> TLS_REQCERT /etc/ldap/ssl/server.pem
>
>
> When I start the service, I see port 636 is up and I can even telnet to
> it. But I cannot perform any ldap operations there.
>
> Any help would be appreciated!
>
> Thanks,
> ~Chamith    
>
>
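
A small linter run over the two configurations quoted in this thread, added here as an illustration and not written by either poster: it flags the `TLS_REQCERT` value, the missing client CA and client certificate, and the key file doubling as the CA file. The function names and finding codes are made up for this example; the directive defaults and levels follow ldap.conf(5) and slapd.conf(5).

```python
# Added example (not from the thread): lint OpenLDAP TLS directives.
REQCERT_LEVELS = {"never", "allow", "try", "demand", "hard"}   # ldap.conf(5)
CLIENT_CERT_REQUIRED = {"demand", "hard", "true"}              # slapd.conf(5)

def parse(text):
    """Map lowercased directive -> value for 'Keyword value' lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def lint(slapd_text, client_text):
    """client_text is ldap.conf plus the user's ldaprc, concatenated."""
    srv, cli = parse(slapd_text), parse(client_text)
    findings = []
    reqcert = cli.get("tls_reqcert", "demand").lower()  # default is demand
    if reqcert not in REQCERT_LEVELS:
        findings.append(("reqcert-not-level",
                         "TLS_REQCERT takes a level, not a path; the CA file goes in TLS_CACERT"))
    if reqcert not in ("never", "allow") and not ({"tls_cacert", "tls_cacertdir"} & cli.keys()):
        findings.append(("no-client-ca",
                         "server cert is verified but no TLS_CACERT/TLS_CACERTDIR is set"))
    verify = srv.get("tlsverifyclient", "never").lower()  # default is never
    if verify in CLIENT_CERT_REQUIRED and not ({"tls_cert", "tls_key"} <= cli.keys()):
        findings.append(("client-cert-missing",
                         "slapd requires a client cert; set TLS_CERT and TLS_KEY in the user's ldaprc"))
    key = srv.get("tlscertificatekeyfile")
    if key and key == srv.get("tlscacertificatefile"):
        findings.append(("key-in-ca-file",
                         "private key and CA cert share one file; give clients the certificate only"))
    return findings

# Configuration as quoted in the thread.
THREAD_SLAPD = """TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCACertificateFile /etc/ldap/ssl/server.pem
TLSCertificateFile /etc/ldap/ssl/server.pem
TLSCertificateKeyFile /etc/ldap/ssl/server.pem
TLSVerifyClient demand
"""
THREAD_LDAP = """HOST <my_ip>
PORT 636
TLS_REQCERT /etc/ldap/ssl/server.pem
"""

if __name__ == "__main__":
    for code, message in lint(THREAD_SLAPD, THREAD_LDAP):
        print(f"{code}: {message}")
```
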