
Re: LDAP and TLS/SSL (was: Re: Afg! Client won't use LDAP)



Phil Dibowitz wrote:

Mitrana Cristian wrote:

It could be a hostname/certificate problem. If the server's cert is tied to the FQDN then the outside clients
work as the cert is correct, but if you connect from the server itself to "localhost" then the certificate
is no longer valid. By the way, I think the SSL/TLS could be set up using the "minssf" directive.



Good Call!! I haven't tested this, but the cert was made using the internal 192.168 addy, and the server is using localhost to contact itself! Thus I'd bet money that's the problem!


Also, I don't see a reference to this minssf directive... where are you getting that?

Thanks!


1. probably would be better to make a cert tied to a FQDN and to an IP.
2. about minssf - man ldap.conf (from OpenLDAP 2.X cvs branch, but certainly
applies to 2.1.x series also).


mitu
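
Added example, not part of the original thread: a simplified Python model of the name check a TLS client performs, showing why a self-connection to "localhost" fails against a cert issued for the internal address, and which names a cert tied to both an FQDN and an IP accepts. The address 192.168.0.10, the name ldap.example.com and all function names are constructed for illustration; the certificate dicts follow the layout returned by Python's ssl getpeercert().

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_matches(cert, target):
    """True if `target` (the name or IP the client dials) is covered by `cert`."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # target is a hostname, not an IP literal
    sans = cert.get("subjectAltName", ())
    for kind, value in sans:
        if ip is not None and kind == "IP Address" and ipaddress.ip_address(value) == ip:
            return True
        if ip is None and kind == "DNS" and _dns_match(value, target):
            return True
    if sans:
        return False  # SAN entries present: the subject CN is not consulted
    # Simplified legacy fallback: literal compare against the subject commonName
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value.lower() == target.lower():
                return True
    return False

# Constructed sample certificates (not taken from the thread)
CERT_IP_ONLY = {"subject": ((("commonName", "192.168.0.10"),),)}
CERT_FQDN_AND_IP = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"), ("IP Address", "192.168.0.10")),
}
TARGETS = ("localhost", "127.0.0.1", "192.168.0.10", "ldap.example.com")

def report(cert):
    """Map each way of addressing the server to whether the cert would verify."""
    return {t: cert_matches(cert, t) for t in TARGETS}

if __name__ == "__main__":
    for label, cert in (("IP-only cert", CERT_IP_ONLY), ("FQDN+IP cert", CERT_FQDN_AND_IP)):
        print(label, report(cert))
```

Neither certificate covers "localhost", so a server-side client must be pointed at a name or address the cert actually lists.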