Problem in start TLS in LDAP
Hi all,
I have followed the steps in the following document.
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
Step 6 in this document is quoted below:
6. Make the CA certificate available to your LDAP clients.
If the client is on the same machine, copy cacert.pem to a location accessible
by the client. If clients are on other machines, then cacert.pem will have
to be copied to those machines and also made accessible.
If the client is on the same machine with the following ldap.conf file,
TLS_CACERT /usr/local/var/openldap-data/cacert.pem
TLS_REQCERT demand
it is working fine. If I comment out the TLS_CACERT directive, the TLS connection
request is failing.
But if the client is on some other machine, then without the TLS_CACERT directive
in that machine's ldap.conf file, the TLS connection is succeeding. Is
this not correct? Can someone explain this behaviour?
Thanks,
- Mohan.
--
Mohana Sundaram K.S.
HCL Technologies
www.hcltechnologies.com/voip
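
An added example, not part of the original message: a small audit that reads ldap.conf text and reports whether the two directives discussed above (TLS_CACERT, TLS_REQCERT) leave server-certificate verification enforced. The function names and the second sample file are assumptions constructed for illustration; the second sample is not the poster's actual configuration.

```python
# Added example: audit ldap.conf text for TLS_CACERT / TLS_REQCERT.
ENFORCING = {"demand", "hard"}  # levels that abort on an unverifiable server cert

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive, lines
    starting with '#' are comments, and a later line overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # handles spaces and tabs
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return a list of findings; an empty list means verification is pinned."""
    opts = parse_ldap_conf(text)
    findings = []
    level = opts.get("TLS_REQCERT")
    if level is None:
        findings.append("TLS_REQCERT unset: library default applies, confirm it")
    elif level.lower() not in ENFORCING:
        findings.append(f"TLS_REQCERT {level}: weaker than demand")
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: no trust anchor in this file")
    return findings

# Sample 1: the ldap.conf lines quoted in the message.
SAME_HOST = """\
TLS_CACERT /usr/local/var/openldap-data/cacert.pem
TLS_REQCERT demand
"""

# Sample 2: constructed, hypothetical file for a second client.
OTHER_HOST = """\
#TLS_CACERT /usr/local/var/openldap-data/cacert.pem
TLS_REQCERT allow
"""

if __name__ == "__main__":
    for name, conf in (("same host", SAME_HOST), ("other host", OTHER_HOST)):
        print(name, "->", audit(conf) or "verification enforced")
```

ldap.conf is not the only source of these settings: a user's ~/.ldaprc, an ldaprc in the working directory, and LDAPTLS_* environment variables can override it, so run the audit over each file the client actually reads.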