Re: TLS confidentiality required error

[Mark <papajohns@giddieup.net>]

On Apr12, 15:57, Kurt D. Zeilenga wrote:
> 
> I assume you've purposely configured slapd(8) to require TLS
> confidentiality protections be established but have failed to
> properly configure PAM LDAP to actually establish those protections.
> PAM LDAP configuration is a topic for pamldap@padl.com mailing list.

well..i did "try" to configure for tls on both sides..i guess i  just have a mistake somewhere and i guess i have no idea wheres the mistake......

my slapd.conf tls settings..

# SSL/TLS 
TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3 
TLSCACertificateFile /etc/depot/openldap/certs/cacert.pem 
TLSCertificateFile /etc/depot/openldap/certs/ldap.slapd-cert.pem 
TLSCertificateKeyFile /etc/depot/openldap/certs/ldap.slapd-key.pem 
security ssf=1 update_ssf=128 simple_bind=128 update_tls=128 tls=128 

my openldap ldap.conf's tls settings

TLS_REQCERT     never
TLS_CACERT      /etc/depot/openldap/certs/cacert.pem


my pam's ldap.conf tls

ssl start_tls
tls_cacertfile /etc/depot/openldap/certs/cacert.pem
tls_ciphers HIGH


> 
> If you believe the list is broke, contact its maintainers.
>

i dont think the list is broken....i get to see spam on the mailing list now and then...its just that no one ever posts..or at least i dont see the posts...other than my own...

m