[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcTLSVerifyClient: demand not taking effect

--On Tuesday, March 13, 2012 11:03 AM -0700 Peter Wood <peterwood.sd@gmail.com> wrote:

On Mon, Mar 12, 2012 at 9:41 PM, Quanah Gibson-Mount <quanah@zimbra.com>

--On Monday, March 12, 2012 6:52 PM -0700 Peter Wood
<peterwood.sd@gmail.com> wrote:


I setup openldap-2.4.23 server

Why? ÂI'd suggest you start with the current release, 2.4.30. ÂYou may
also want to look at <http://www.openldap.org/its/index.cgi/?findid=7197>

That's the openldap version in centos6.2 repo. In production I try to
stick with stock versions.

Also I tried all variations ofÂolcTLSVerifyClient: [demand|hard|true]
with the same result.

I don't think StartTLS is enabled. I'm wondering if just
andÂolcTLSCertificateKeyFile is enough to get StartTLS enabled.

It's very frustrating. I'd hate to go to ldaps just because I can't get
StartTLS working.

Is there anything else I have to set on the server to get StartTLS

How are you testing to see if it or is not working? Just run ldapsearch -x -ZZ -H ldap://<hostname>

to force startTLS



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration