[Date Prev][Date Next]
Re: olcTLSVerifyClient: demand not taking effect
--On Tuesday, March 13, 2012 11:03 AM -0700 Peter Wood
On Mon, Mar 12, 2012 at 9:41 PM, Quanah Gibson-Mount <email@example.com>
--On Monday, March 12, 2012 6:52 PM -0700 Peter Wood
I setup openldap-2.4.23 server
Why? ÂI'd suggest you start with the current release, 2.4.30. ÂYou may
also want to look at <http://www.openldap.org/its/index.cgi/?findid=7197>
That's the openldap version in centos6.2 repo. In production I try to
stick with stock versions.
Also I tried all variations ofÂolcTLSVerifyClient: [demand|hard|true]
with the same result.
I don't think StartTLS is enabled. I'm wondering if just
andÂolcTLSCertificateKeyFile is enough to get StartTLS enabled.
It's very frustrating. I'd hate to go to ldaps just because I can't get
Is there anything else I have to set on the server to get StartTLS
How are you testing to see if it or is not working? Just run ldapsearch -x
-ZZ -H ldap://<hostname>
to force startTLS
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration