[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Different TLSVerifyClient possible?

To: openldap-software@OpenLDAP.org
Subject: Re: Different TLSVerifyClient possible?
From: Martin Lesser <admin-openldap@better-com.de>
Date: Tue, 12 Aug 2003 22:10:05 +0200
In-reply-to: <OF246E196D.A8B46E86-ON87256D80.0065F333@us.ibm.com>
References: <OF246E196D.A8B46E86-ON87256D80.0065F333@us.ibm.com>

Kent Soper writes:

For clarification, /etc/ldap.conf is the LDAP PAM configuration file.

No. /etc/[openldap|ldap/]ldap.conf is also used by openldap itself and contains at least the uri|host, searchbase etc. which are used by ldapsearch et al.

Only some (linux-) distributions (debian) split ldap.conf (for openldap) and pam_ldap.conf (for pam_ldap) into two parts.

User-only TLS directives do not belong in the OpenLDAP client ldap.conf
file.

Ack. That's why I said "using TLS_CERT in ldap.conf is suboptimal".

Any better solution for the problem described before is welcome.

Martin

Follow-Ups:
- Re: Different TLSVerifyClient possible?
  - From: Dieter Kluenter <dieter@dkluenter.de>

References:
- Re: Different TLSVerifyClient possible?
  - From: Kent Soper <dksoper@us.ibm.com>

Prev by Date: Re: Different TLSVerifyClient possible?
Next by Date: OpenLDAP client with SunOne (aka iPlanet) server - works?
Index(es):
- Chronological
- Thread