[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLS config question
Thanks for your reply ...
I tried your suggestion, and now get:
$ ldapsearch -H "ldaps://localhost:636" -b "cn=Manager,dc=mydomain,dc=com"
ldap_sasl_interactive_bind_s: Can't contact LDAP server
and this in the log:
Jun 10 22:53:09 hotdog slapd[16865]: slapd starting
Jun 10 22:53:41 hotdog slapd[16867]: daemon: conn=0 fd=9 connection from IP=127.0.0.1:33573 (IP=127.0.0.1:31746) accepted.
Jun 10 22:53:41 hotdog slapd[16867]: conn=-1 fd=9 closed
Couldn't locate TLS_CACERT in the ldap.conf man page. Can you point me
toward some doc?
-Mark
On 06/10/02, I received this from kervin@blueprint-tech.com:
>
> Did you specify your cert CA in your ldap.conf on the client? 2.1 is
> finicky { I love that word :) } about that.
>
> eg.
> TLS_CACERT /ssl/slapdca.crt
>
> You don't need to break up the PEM file ( I think ), but you do need
> have have the CA cert on the client side, so that the client can test
> the validity of the cert.
>
>
> --Kervin
>
> Mark Johnson wrote:
> >I've installed cyrus-sasl-2.1.2 and openldap-2.0.23, set up a simple
> >slapd.conf and test database.
> >
> >When I run slapd with defaults,
> >$ ldapsearch -x -H "ldap://localhost:389"; -b
> >"cn=Manager,dc=mydomain,dc=com"
> >produces the expected result.
> >
> >Now I add these two lines to slapd.conf:
> >TLSCertificateFile /usr/local/etc/httpd/ssl.crt/snakeoil-rsa.crt
> >TLSCertificateKeyFile /usr/local/etc/httpd/ssl.key/snakeoil-rsa.key
> >and run:
> ># /usr/local/libexec/slapd -h ldaps://localhost:636
> >
> >But:
> >$ ldapsearch -x -H "ldaps://localhost:636" -b
> >"cn=Manager,dc=mydomain,dc=com"
> >ldap_bind: Can't contact LDAP server
> >
> >The log shows this:
> >Jun 10 19:16:41 hotdog slapd[16217]: slapd starting
> >Jun 10 19:17:05 hotdog slapd[16219]: daemon: conn=0 fd=9 connection from
> >IP=127.0.0.1:33538 (IP=127.0.0.1:31746) accepted. Jun 10 19:17:05 hotdog
> >slapd[16219]: conn=-1 fd=9 closed
> >What does it mean?
> >
> >TIA,
> >
>
>
>
>
>
--
Mark Johnson
markj@gilanet.com