[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange behavior with TLS with self-signed certs



On 1/6/2011 19:18, Michael Starling wrote:
I'm running openldap-2.3.43-12.el5 on a RHEL 5.5 system:

I find that TLS will not work if I use uri ldap://10.3.5.207/  in /etc/ldap.conf on my clients.

TLS magically starts working if I use the deprecated host directive instead:

So if I use host 10.3.5.207 instead everything starts working:

Any insight as to what might be going on?..Possibly a bug?

Here are my TLS directives on my clients:

#TLS settings
ssl start_tls
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/slapdcert.pem
tls_checkpeer no

-Mike
try using uri ldaps://10.3.5.207/ .