
RE: [seeking help] unknown CA



Great thanks to Tony and Howard!!!

I added 
	TLS_CACERT /usr/local/ssl/certs/ca-bundle.crt
to the ldap.conf and it now works like magic. Hope this is the correct
method? Thanks.

Regards,
Ben

> RedHat's openldap rpms are extremely old; they still ship OpenLDAP 2.0.25.
> The OpenLDAP 2.0 client library didn't do certificate verification by
> default, which is why your Linux install "works" without any CA cert
> configuration. It is working, but it's not providing any real security. Set
> the TLS_CACERT in the OpenLDAP ldap.conf file. Don't use TLS_CACERTDIR unless
> you've read the OpenLDAP Admin Guide and the OpenSSL docs and actually know
> what you're doing.
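
The check discussed in this thread, as an added example that is not part of the original messages: a small audit of ldap.conf text that reports when the client is not set up to verify the server against a CA bundle. The function names, finding codes and sample configurations are constructed for illustration; TLS_REQCERT is an ldap.conf(5) option from later OpenLDAP releases and is not mentioned in the thread.

```python
import os

# TLS_REQCERT levels that let a session continue with an unverified server cert.
WEAK_REQCERT = {"never", "allow"}

def parse_ldap_conf(text):
    """Parse ldap.conf text into {OPTION: value}. Option names are
    case-insensitive; blank lines and lines starting with '#' are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # option and value may be separated by tabs
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text, exists=os.path.isfile):
    """Return a list of (code, message) findings. An empty list means a CA
    bundle is configured, present, and verification is not weakened."""
    opts = parse_ldap_conf(text)
    findings = []
    cacert = opts.get("TLS_CACERT", "")
    if not cacert:
        findings.append(("no-cacert", "TLS_CACERT is not set"))
    elif not exists(cacert):
        findings.append(("cacert-missing", f"TLS_CACERT file not found: {cacert}"))
    if "TLS_CACERTDIR" in opts:
        # The thread advises against this option unless its format is understood.
        findings.append(("cacertdir", "TLS_CACERTDIR in use; review against the docs"))
    reqcert = opts.get("TLS_REQCERT", "").lower()
    if reqcert in WEAK_REQCERT:
        findings.append(("reqcert-weak", f"TLS_REQCERT {reqcert} weakens verification"))
    return findings

# Constructed sample inputs (the host name is a placeholder).
SAMPLE_GOOD = "URI ldaps://ldap.example.com\nTLS_CACERT\t/usr/local/ssl/certs/ca-bundle.crt\n"
SAMPLE_BAD = ("# constructed example\nURI ldaps://ldap.example.com\n"
              "tls_reqcert never\nTLS_CACERTDIR /etc/ssl/certs\n")

if __name__ == "__main__":
    # exists() is stubbed so the demo does not depend on the local filesystem.
    for name, conf in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit(conf, exists=lambda p: True))
```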