[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: openldap-2.0/TLS certificate error

To: Mark Valence <kurash@sassafras.com>
Subject: RE: openldap-2.0/TLS certificate error
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 13 Jun 2000 12:53:39 -0700
Cc: "Cheng, Ted C" <Ted.Cheng@ca.com>, openldap-devel@OpenLDAP.org
In-reply-to: <v04220812b56c3e9c7780@[192.168.0.8]>
References: <C58849E5BCF6D311B07E009027863A9001A92CCE@usilms08.cai.com> <C58849E5BCF6D311B07E009027863A9001A92CCE@usilms08.cai.com>

At 03:46 PM 6/13/00 -0400, Mark Valence wrote:
>
>I'm a bit shaky on the client side, maybe someone else has a more 
>definitive answer.
>
>>How about on the client side? That is, how does
>>a client present certificate to slapd when requested?
>
>You need to set TLS_KEY in your ldap.conf file to the path to your 
>private key file, and TLS_CERT as well.  In any case, this option is 
>not fully implemented, since the server does not use the identity 
>from the certificate.
>
>>and, how does a client verify server certificate
>>when presented?
>
>That's not implemented yet.  When it is, you'll need to have 
>TLS_CACERT and TLS_CERT entries in ldap.conf.

BTW, someone needs to go through the ldap.conf/.ldaprc TLS options
(init.c) marking those which are per-user as 'user-only'.

Kurt

References:
- RE: openldap-2.0/TLS certificate error
  - From: "Cheng, Ted C" <Ted.Cheng@ca.com>
- RE: openldap-2.0/TLS certificate error
  - From: Mark Valence <kurash@sassafras.com>

Prev by Date: RE: openldap-2.0/TLS certificate error
Next by Date: Distribution Lists
Index(es):
- Chronological
- Thread