
Re: SASL External : unknown authentication method



On Wed 07/05/2003 at 19:16, Dieter Kluenter wrote:
> Hello,

Hello Dieter,

> > ldapsearch -Z works well, my server and client certs are both valid,
> 
> A single -Z doesn't require a successful operation

Well, it works with -ZZ too:

[francois@linux-integ francois]$ ldapsearch -ZZ -x -D "cn=root,dc=enatel,dc=local" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# enatel.local
dn: dc=enatel,dc=local
objectClass: domain
dc: enatel
[...]

> 
> > I got :
> > TLSCertificateFile      /etc/openldap/tls/cert.pem
> > TLSCertificateKeyFile   /etc/openldap/tls/cert.key
> > TLSCACertificateFile    /demoCA/cacert.pem
> > TLSVerifyClient         demand
> > in my slapd.conf.
> 
> The TLSCertificateKeyFile must be in .pem format

Yes, it is; I just renamed it.

> 
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > connection_get(9): got connid=0
> 
> There is an error in your client certificate

But I verified it:

[francois@linux-integ francois]$ openssl verify -CAfile /demoCA/cacert.pem /home/francois/tls/francois-cert.pem
/home/francois/tls/francois-cert.pem: OK

Thanks for your help

Francois

> 
> [...]
> 
> -Dieter
> 
> -- 
> Dieter Kluenter  | Systemberatung
> Tel:040.64861967 | Fax: 040.64891521
> mailto: dkluenter@schevolution.com
> http://www.schevolution.com/tour