[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: openldap-2.0/TLS certificate error
At 03:46 PM 6/13/00 -0400, Mark Valence wrote:
>
>I'm a bit shaky on the client side, maybe someone else has a more
>definitive answer.
>
>>How about on the client side? That is, how does
>>a client present certificate to slapd when requested?
>
>You need to set TLS_KEY in your ldap.conf file to the path to your
>private key file, and TLS_CERT as well. In any case, this option is
>not fully implemented, since the server does not use the identity
>from the certificate.
>
>>and, how does a client verify server certificate
>>when presented?
>
>That's not implemented yet. When it is, you'll need to have
>TLS_CACERT and TLS_CERT entries in ldap.conf.
BTW, someone needs to go through the ldap.conf/.ldaprc TLS options
(init.c) marking those which are per-user as 'user-only'.
Kurt