[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Client - Server Authentication Using Certificates
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac
> > So my second questions is what do I need to add to the
> configuration to
> > enable this to be done. I have append the relevant lines from the
> > configuration files to the end of this mail.
> > ldap.conf
> >
> > TLS_CACERT /etc/grid-security/certificates/fa3af1d7.0
> > TLS_CERT /etc/grid-security/hostcert.pem
> > TLS_KEY /etc/grid-security/hostkey.pem
> >
> >
> > slapd.conf
> >
> > TLSCACertificateFile /etc/grid-security/certificates/fa3af1d7.0
> > TLSCertificateFile /etc/grid-security/hostcert.pem
> > TLSCertificateKeyFile /etc/grid-security/hostkey.pem
> > TLSVerifyClient demand
>
> This will not work unless the hostcert.pem subject is a valid DN. You
> probably need to generate a separate client cert (for ldap.conf).
You cannot specify user certificates in ldap.conf. This is clearly stated in
both the Admin Guide and the manpages. User certificate configuration must be
done in the user's .ldaprc file.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support