
Re: TLSVerifyClient => no login possible



Sebastian Reinhardt <snr@lmv-hartmannsdorf.de> writes:

> Hello,
>
> I have configured an openSUSE 11.0 (x86_64) with openldap-server. Also
> TLS is activated. All clients are set to "TLS_REQCERT demand"
> and it is working.
> Then I created client certificates by using the server's Yast2 CA
> management. I copied the client certificates and also the server's
> "cacert" into the "/etc/openldap/" directory on the client computer. With
> "TLSVerifyClient allow" clients can log in, but if I activate the
> "TLSVerifyClient demand" option in the server's slapd.conf no user can
> perform a login and it causes errors in /var/log/messages:
[...]

> What is wrong? The client certificate's "common name" is set to the
> client's hostname. Is this OK?

Clients don't read slapd.conf(5) but only ldap.conf(5); run slapd with
debug level 3 to analyse the TLS session.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
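
Added example, not part of the original messages: a client-side check for the point made in the reply, that libldap clients take their TLS settings from ldap.conf(5) and not from slapd.conf. It relies on ldap.conf(5) marking TLS_CERT and TLS_KEY as user-only options; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Per ldap.conf(5), TLS_CERT and TLS_KEY are
# user-only options: libldap ignores them in the system-wide ldap.conf and reads
# them only from a user file (~/.ldaprc, ./ldaprc) or from the LDAPTLS_CERT /
# LDAPTLS_KEY environment variables. Function names here are hypothetical.

# has_directive FILE NAME: succeeds if FILE sets NAME on an uncommented line.
has_directive() {
    [ -r "$1" ] && awk -v want="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == want && NF >= 2 { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# audit_client SYSTEM_CONF USER_CONF: prints findings, returns the problem count.
audit_client() {
    sys=$1; usr=$2; problems=0; ca=0
    for f in "$sys" "$usr"; do      # the CA may be set in either file
        if has_directive "$f" TLS_CACERT || has_directive "$f" TLS_CACERTDIR; then ca=1; fi
    done
    if [ "$ca" -eq 0 ]; then
        echo "MISSING TLS_CACERT: the server certificate cannot be verified"
        problems=$((problems + 1))
    fi
    for opt in TLS_CERT TLS_KEY; do
        eval "envval=\${LDAP$opt:-}"    # LDAPTLS_CERT / LDAPTLS_KEY
        if [ -n "$envval" ] || has_directive "$usr" "$opt"; then
            continue
        elif has_directive "$sys" "$opt"; then
            echo "IGNORED $opt in $sys: user-only option, set it in $usr"
        else
            echo "MISSING $opt: no client certificate will be presented"
        fi
        problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample: client cert and key placed in the system-wide file only.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'TLS_CACERT /etc/openldap/cacert.pem' 'TLS_REQCERT demand' \
        'TLS_CERT /etc/openldap/client.pem' 'TLS_KEY /etc/openldap/client.key' \
        > "$d/ldap.conf"
    : > "$d/ldaprc"
    rc=0; audit_client "$d/ldap.conf" "$d/ldaprc" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

After sourcing the file, call `demo` for the constructed case or `audit_client /etc/openldap/ldap.conf ~/.ldaprc` on a real client. A client that reports IGNORED or MISSING for TLS_CERT or TLS_KEY presents no certificate in the handshake.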