[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS issues when setting olcTLSCACertificateFile to the CA bundle

So you problem is, that you have signed your server cert with a CA from
a CA chain and your clients with another CA and you don't want clients
to connect, not signed by your client CA?

This sounds more like a case for ACLs and matching rules, since you
AFAIK you cannot tell ldap to only trust a CA for server cert
verification purposes. A CA is trusted or not.

Technische Universität Berlin - FGINET

Bernd May

System Administration
An-Institut Deutsche Telekom Laboratories
Sekr. TEL 16
Ernst-Reuter-Platz 7
10587 BERLIN

Mobile: 0160/90257737
E-Mail: bernd@net.t-labs.tu-berlin.de (T-Labs work)
WWW:    net.t-labs.tu-berlin.de

Attachment: signature.asc
Description: OpenPGP digital signature