SSL client certificate question and bdb_dn2id_matched question
- To: openldap-software@OpenLDAP.org
- Subject: SSL client certificate question and bdb_dn2id_matched question
- From: Bradley Scutvick <brad@bytewise.net>
- Date: Mon, 13 Jan 2003 06:01:28 -0800
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
Hi,
I'm new to the exciting world of LDAP; I just got SSL working, but I
still haven't connected completely to the server. My questions:
1. The way I finally got SSL to work, after having been very annoyed with
what appear to be somewhat common errors (cf. Google):
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
was to actually install what I assume are the CA and server certs (the
files cert7.db and key3.db, gleaned from a Netscape visit to
https://myserver.com:636) on my client (Softerra LDAP Browser). What I
don't understand is why the hell this made everything work, to a point,
when there's a directive in my slapd.conf, TLSVerifyClient never, that I
assumed meant slapd doesn't bother with client certs. Any help
understanding this would be great. I suspect it has more to do with SSL
than LDAP, but humor me please.
2. Now I get to this debug message and resultant error 49:
=> bdb_dn2id_matched( "cn=admin,dc=test1,dc=dns" )
<= bdb_dn2id_matched: no match
with these slapd.conf lines:
database bdb
suffix "dc=test1,dc=dns"
rootdn "cn=admin,dc=test1,dc=dns"
rootpw tDCzXHLJSMYIuAhxeQFeJYrZ5wHqOrty
directory /usr/local/openldap/var/openldap-data
Is there some other way you have to add a user ID to bdb or something?
I admit I haven't spent a lot of time on this one. If I've left out key
debug or config lines, please let me know and I'll post them, and thank
you very much in advance for any help.
-Brad
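Added example, not part of the post and not OpenLDAP code: an offline triage script for the two symptoms above. Two facts it builds on: slapd's "TLS trace:" lines are OpenSSL info-callback output, where "alert read" means the alert arrived from the peer (the LDAP client, in slapd's log) and "alert write" means slapd sent it, so "read:fatal:unknown CA" is the client refusing the server's certificate chain, which is exactly what installing the CA on the client fixes; TLSVerifyClient never only controls whether slapd asks the client for a certificate. And in 2.1's back-bdb a simple bind is compared against rootdn/rootpw before any database lookup, so a bind as the rootdn that reaches bdb_dn2id_matched usually means that comparison did not succeed. The script classifies the alert lines, models how slapd compares a rootpw given in cleartext versus a {SSHA}/{SHA} value from slappasswd, and flags a rootdn outside the suffix or a cleartext rootpw. The sample inputs are copied from the post (constructed data, no server needed); normalize_dn, audit_database_section and the other names are made up for illustration, and normalize_dn is only a rough approximation of slapd's real DN normalization.

```python
"""Offline triage for the two symptoms in the post above: which side sent the
TLS alert that slapd logged, and why a simple bind as the rootdn can fall
through to a database lookup (the bdb_dn2id_matched lines) and end in error 49.
Sample inputs are copied from the post (constructed data, no running slapd)."""
import base64
import hashlib
import hmac
import os
import re

SAMPLE_TRACE = """\
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
"""
SAMPLE_CONF = """\
database bdb
suffix "dc=test1,dc=dns"
rootdn "cn=admin,dc=test1,dc=dns"
rootpw tDCzXHLJSMYIuAhxeQFeJYrZ5wHqOrty
directory /usr/local/openldap/var/openldap-data
"""

# 1. "alert read" = alert received from the peer (the client, in slapd's log);
#    "alert write" = alert sent by the local side.
TLS_ALERT_RE = re.compile(r"TLS trace: SSL3 alert (read|write):(\w+):(.+)$")

def classify_tls_alert(line):
    """Return {'sender','level','description'} for an alert line, else None."""
    m = TLS_ALERT_RE.search(line.strip())
    if not m:
        return None
    direction, level, desc = m.groups()
    return {"sender": "peer" if direction == "read" else "local",
            "level": level, "description": desc.strip()}

# 2. rootpw is either {SCHEME}hash, as printed by slappasswd, or, with no scheme
#    prefix, the literal cleartext password. Only cleartext, {SHA} and {SSHA}
#    are modelled here; {SSHA} is base64(sha1(pw + salt) + salt).
def ssha_hash(password, salt=None):
    """Build a {SSHA} value the way slappasswd -h {SSHA} does (4-byte random salt)."""
    if isinstance(password, str):
        password = password.encode("utf-8")
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def rootpw_matches(stored, candidate):
    """Would a simple bind with `candidate` pass the rootpw check for `stored`?"""
    pw = candidate.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(hashlib.sha1(pw).digest(),
                                   base64.b64decode(stored[len("{SHA}"):]))
    # No scheme: the configured string is the password, compared byte for byte.
    return hmac.compare_digest(stored.encode("utf-8"), pw)

# 3. Cheap checks on the database section (hypothetical helper; normalize_dn is
#    only a rough stand-in for slapd's DN normalization).
def normalize_dn(dn):
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))

def audit_database_section(conf_text):
    """Return a list of findings about suffix/rootdn/rootpw in a slapd.conf fragment."""
    d = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        d[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    findings = []
    if "suffix" in d and "rootdn" in d:
        ndn, nsuf = normalize_dn(d["rootdn"]), normalize_dn(d["suffix"])
        if ndn != nsuf and not ndn.endswith("," + nsuf):
            findings.append("rootdn %s is not under suffix %s: a bind as that DN is "
                            "routed by suffix, so this database never treats it as root"
                            % (ndn, nsuf))
    if "rootpw" in d and not re.match(r"\{[A-Za-z0-9-]+\}", d["rootpw"]):
        findings.append("rootpw is cleartext in slapd.conf; the bind password must equal "
                        "it exactly, and slappasswd -h {SSHA} avoids storing it in the clear")
    return findings

if __name__ == "__main__":
    for line in SAMPLE_TRACE.splitlines():
        print(line, "->", classify_tls_alert(line))
    for f in audit_database_section(SAMPLE_CONF):
        print("finding:", f)
    # A bind as the rootdn only reaches the database lookup when this check fails.
    print("rootpw as posted, bound with 'secret':",
          rootpw_matches("tDCzXHLJSMYIuAhxeQFeJYrZ5wHqOrty", "secret"))
```

Against a live server the same two points are checked with `openssl s_client -connect myserver.com:636 -CAfile ca.pem` (does the client trust slapd's chain without the Netscape cert databases?) and `ldapsearch -x -H ldaps://myserver.com -D "cn=admin,dc=test1,dc=dns" -W -b "dc=test1,dc=dns"`, typing the rootpw exactly as it appears in slapd.conf when it carries no {SCHEME} prefix.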