[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with SASL and TLS

To: Andrew Newman <anewman@pisoftware.com>
Subject: Re: Problems with SASL and TLS
From: Adam Shand <larry@spack.org>
Date: Wed, 28 Feb 2001 13:00:43 -0800 (PST)
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <3A9CAB89.4040307@pisoftware.com>

> I have successfully configured SLAPD to use TLS with a self-signed
> certificate.
>   I basically used the openSSL description of creating a self-signed
> certificate for Apache.  However, when I try and connect to it with
> SLURPD it fails.  I verified that it works with other clients however.
> Is this the idea behind TLS=[critical|yes]?  I don't see how SLURPD
> would accept this certificate.  I did try to use the same certificate
> on both of the servers but this didn't help.  Is this correct?

here are the relevant pieces of what i have in my slapd.conf:

TLSCertificateFile      /etc/openldap/server.pem
TLSCertificateKeyFile   /etc/openldap/server.pem
TLSCACertificateFile    /etc/openldap/server.pem

replogfile /etc/openldap/slurpd.replog
replica host=192.168.1.2:389
        binddn="cn=manager,dc=example,dc=net"
        bindmethod=simple
        credentials=mypasswd
        tls=yes

you should generate the key like this:

# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365

note.  this used to work great for me however since i recompiled to use a
non-standard location (--prefix=/opt/openldap-2.0.7-1) i've found that tls
based replication does not work, though "ldapsearch -ZZ ..." does work.  i
have yet to find a solution to this.

adam.

References:
- Problems with SASL and TLS
  - From: Andrew Newman <anewman@pisoftware.com>

Prev by Date: ldbmcat -> ldif -> ldif2index problem
Next by Date: trouble starting slapd
Index(es):
- Chronological
- Thread