Re: Problems with SASL and TLS
> I have successfully configured SLAPD to use TLS with a self-signed
> certificate.
> I basically used the OpenSSL description of creating a self-signed
> certificate for Apache. However, when I try and connect to it with
> SLURPD it fails. I verified that it works with other clients however.
> Is this the idea behind TLS=[critical|yes]? I don't see how SLURPD
> would accept this certificate. I did try to use the same certificate
> on both of the servers but this didn't help. Is this correct?
Here are the relevant pieces of what I have in my slapd.conf:
TLSCertificateFile /etc/openldap/server.pem
TLSCertificateKeyFile /etc/openldap/server.pem
TLSCACertificateFile /etc/openldap/server.pem
replogfile /etc/openldap/slurpd.replog
replica host=192.168.1.2:389
        binddn="cn=manager,dc=example,dc=net"
        bindmethod=simple
        credentials=mypasswd
        tls=yes
You should generate the key like this:
# openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365
Note: this used to work great for me; however, since I recompiled to use a
non-standard location (--prefix=/opt/openldap-2.0.7-1) I've found that TLS-based
replication does not work, though "ldapsearch -ZZ ..." does work. I have yet to
find a solution to this.
adam.
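As an added example (not code from the thread or from OpenLDAP itself), a small Python checker that joins slapd.conf continuation lines, parses each replica directive into key=value pairs, and flags simple-bind replicas that are not set to tls=critical (tls=yes only attempts StartTLS, tls=critical refuses to replicate without it). The configuration embedded in it is constructed to mirror the one quoted above, with a second replica added that omits tls.

```python
import re
from typing import Dict, List

# Constructed sample slapd.conf fragment, modelled on the configuration in the
# message above; the second replica is added here and has no tls= setting.
SAMPLE_CONF = """\
TLSCertificateFile /etc/openldap/server.pem
TLSCertificateKeyFile /etc/openldap/server.pem
TLSCACertificateFile /etc/openldap/server.pem
replogfile /etc/openldap/slurpd.replog
replica host=192.168.1.2:389
        binddn="cn=manager,dc=example,dc=net"
        bindmethod=simple
        credentials=mypasswd
        tls=yes
replica host=192.168.1.3:389
        binddn="cn=manager,dc=example,dc=net"
        bindmethod=simple
        credentials=mypasswd
"""

def logical_lines(text: str) -> List[str]:
    """Join slapd.conf continuation lines (those starting with whitespace)
    onto the preceding directive; blank lines and # comments are dropped."""
    out: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

# key=value, where the value is either a double-quoted string or a bare token
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_replicas(text: str) -> List[Dict[str, str]]:
    """Return one dict of key=value pairs per 'replica' directive."""
    reps = []
    for line in logical_lines(text):
        if line.split(None, 1)[0].lower() == "replica":
            reps.append({k.lower(): v.strip('"') for k, v in _KV.findall(line)})
    return reps

def audit_replicas(text: str) -> List[str]:
    """Flag replicas whose simple-bind password could cross the wire in
    cleartext: anything other than tls=critical may proceed without TLS."""
    findings = []
    for rep in parse_replicas(text):
        tls = rep.get("tls", "no").lower()
        if rep.get("bindmethod") == "simple" and tls != "critical":
            findings.append(f"{rep.get('host', '?')}: simple bind with tls={tls}; use tls=critical")
    return findings
```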