Re: Netscape address book as an SSL LDAP Client?

[Marian Steinbach <marian@ds.fh-koeln.de>]

Hi Dave!

Thanks for the answer. As this tip worked out well, I send it to the 
list, too.

<overhead>
This is kinda stupid! Netscape Communicator should definitely be marked 
DEPRECATED! Does anybody have information on the LDAP+TLS status in 
Mozilla? Unencrypted LDAP works out well, although it doesn't have the 
full featured front end yet. Mail adresses are looked up during entry in 
the mail composition window, but not in the "Adressing" dialog, neither 
in the address book.
</overhead>

Dave Lewney wrote:

> Marian Steinbach wrote:
>
> > Hi!
> >
> > Since yesterday I have OpenLDAP 2.0.11 serving both ldap:// and ldaps//.
> > I can do searches locally using "ldapsearch -x -ZZ ..." and I can also
> > search the directory using Microsoft Outlook Express, having SSL activated.
> >
> > But, I can't connect to the server using the Netscape Address Book (from
> > Communicator 4.77 an Win32) with SSL activated. I get some Errors like
> > "SSL_v3: bad certificate" in the serve side and an "Unknown Error" on
> > the client side.
> >
> > Is this a known problem with Communicator, or do I have an issue on the
> > server side?
> >
> > The FAQ-O-Maatic talks about testing TLS with Netscape, so I guess it
> > should work, right?
> >
> > Thanks!
> >
> > Marian
>
> Hi,
>
> I've got Netscape Address Book working over SSL ok. You need to tell
> Netscape to trust the certificate on the LDAP server. One way to do this
> is to go to 
>
> https://your.ldap.server:636/   # Note it is https
>                                                 ^
>
> and follow the dialogue. You should then be able to do secure lookups.
>   The other way is to tell netscape to trust the CA that signed the
> LDAP certificate. Can't remember how to do this but I can find out if
> you want.
>   Good luck.
>
> Dave
> --
> Dave Lewney
> Principal Systems Programmer, Computing Service
> University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273
> 271956