Re: LDAP and TLS/SSL (was: Re: Afg! Client won't use LDAP)

[Cristian Mitrana <cmitrana@xnet.ro>]

Phil Dibowitz wrote:

> Mitrana Cristian wrote:
>
> > It could be a hostname/certificate problem. If the server's cert is 
> > tied to the FQDN then the outside clients
> > work as the cert is correct, but if you connect from the server 
> > itself to "localhost" then the certificate
> > is no longer valid. By the way,I think the SSL/TLS could be set up 
> > using "minssf" directive.
>
>
>
> Good Call!! I haven't tested this, but the cert was made using the 
> internal 192.168 addy, and the server is using localhost to contact 
> itself! Thus I'd bet money that's the problem!
>
> Also, I don't see a reference to this minssf directive... where are 
> you getting that?
>
> Thanks!


1. probably would be better to make a cert tied to a FQDN and to an IP.
2. about minssf - man ldap.conf (from OpenLDAP 2.X cvs branch, ,but 
certainly
applies to 2.1.x series also) .

mitu