I'm running openldap-2.3.43-12.el5 on a RHEL 5.5 system.
I believe I have TLS encryption working but I'd like to be able to verify my client connections.
On my LDAP server I have the following in slapd.conf
On the client I have the following in /etc/ldap.conf
On the client /etc/openldap/ldap.conf
These commands work both from the client and server.
openssl s_client -connect servername:636 -showcerts
ldapsearch -x -H ldaps://servername -b dc=domain,dc=domain -D cn=root,dc=domain,dc=domain -W
So my first question would be: does this guarantee encrypted sessions?
Second, if I change tls_checkpeer to yes then I can't contact the LDAP server. How can I verify my clients?