Re: slapd verifyclient fails on demand
- To: openldap-technical@openldap.org
- Subject: Re: slapd verifyclient fails on demand
- From: Ryan Tandy <ryan@nardis.ca>
- Date: Mon, 20 Apr 2015 12:41:19 -0700
- Content-disposition: inline
- In-reply-to: <20150420180747.GA10947@kernelbug.org>
- Mail-followup-to: openldap-technical@openldap.org
- References: <20150420180747.GA10947@kernelbug.org>
- User-agent: Mutt/1.5.21 (2010-09-15)
On Mon, Apr 20, 2015 at 08:07:48PM +0200, E.therepa wrote:
ldap.conf
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ldap/ssl/ca-cert.pem
TLS_CERT /etc/ldap/ssl/clients/lrc-ldapsearch.crt
TLS_KEY /etc/ldap/ssl/clients/lrc-ldapsearch.key
TLS_REQCERT hard
<snip>
As far as I can see, and from the info I have found, my client's and server's TLS settings are configured properly.
What I really don't get is that the client doesn't send its certs to the server.
We made some progress on this in IRC: as noted in ldap.conf(5), the
TLS_KEY option is only valid in a user ldaprc, not the system-wide
ldap.conf, so it was being ignored.
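A small check for exactly this pitfall, added here as an example and not part of the thread: it scans a config file for the options that ldap.conf(5) documents as user-only (TLS_CERT and TLS_KEY) and so are silently ignored in the system-wide ldap.conf. The sample file is constructed to mirror the configuration quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Per ldap.conf(5), TLS_CERT and
# TLS_KEY are "user-only" options: libldap honours them in ~/.ldaprc or
# ./ldaprc but ignores them in the system-wide ldap.conf, which is why the
# client never presented a certificate in the case discussed above.

# Prints each user-only option in file $1 as "LINE:OPTION value", one per
# line. Exit status follows grep: 0 if any were found, 1 if none were.
find_user_only_opts() {
    awk '
        BEGIN { useronly["TLS_CERT"] = 1; useronly["TLS_KEY"] = 1; found = 0 }
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        { key = toupper($1) }                 # keywords are case-insensitive
        (key in useronly) { printf "%d:%s %s\n", NR, key, $2; found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample modelled on the ldap.conf quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ldap/ssl/ca-cert.pem
TLS_CERT /etc/ldap/ssl/clients/lrc-ldapsearch.crt
TLS_KEY /etc/ldap/ssl/clients/lrc-ldapsearch.key
TLS_REQCERT hard
EOF

if find_user_only_opts "$sample"; then
    echo "These options are ignored in a system-wide ldap.conf; put them in ~/.ldaprc instead"
fi
rm -f "$sample"
```

Run it against /etc/ldap/ldap.conf (or /etc/openldap/ldap.conf) to confirm the client certificate settings actually live in a file libldap will read them from.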