[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange behavior with TLS with self-signed certs

On 1/6/2011 19:18, Michael Starling wrote:
I'm running openldap-2.3.43-12.el5 on a RHEL 5.5 system:

I find that TLS will not work if I use uri ldap://  in /etc/ldap.conf on my clients.

TLS magically starts working if I use the deprecated host directive instead:

So if I use host instead everything starts working:

Any insight as to what might be going on?..Possibly a bug?

Here are my TLS directives on my clients:

#TLS settings
ssl start_tls
ssl on
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/slapdcert.pem
tls_checkpeer no

try using uri ldaps:// .