Re: TLS works not proper.
Quoting Oliver Hoffmann <oliver.hoffmann@uw-service.de>:
> Encryption seems to work half now. These are the new problems.
>
> A search from a local user shows:
> bash-2.05b$ ldapsearch -v -n -Z -b 'dc=testldap,dc=org'
Try double Z's (ldapsearch -ZZ) instead. If there's something
wrong, ldapsearch will fail. In your case, it will continue
even if there's something wrong...
> The user's ldaprc:
>
> # Override global directive (if set)
> TLS_REQCERT demand
>
> # client authentication
> TLS_CERT /home/admin/ldap.client.pem
> TLS_KEY /home/admin/ldap.client.key.pem
The client needs to know about the CA cert, either in the
global LDAP client config or the user ldaprc.
----- s n i p -----
ida:~# grep TLS /etc/ldap/ldap.conf
TLS_CACERT /etc/ldap/cacert.pem
----- s n i p -----
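
The check described in the reply above, as an added example that is not part of the original post: a shell lint that reads the OpenLDAP client config files in override order and fails unless a CA source is configured and TLS_REQCERT enforces verification. The function names `effective_tls_option` and `check_ldap_tls` are hypothetical; the option names are those of ldap.conf(5).

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# effective_tls_option OPTION FILE...
# Prints the last value of OPTION across FILEs; later files override earlier
# ones, the way a user ldaprc overrides the global ldap.conf.
effective_tls_option() {
    local want=$1 f key value result=""
    shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        while read -r key value || [ -n "$key" ]; do
            case $key in ''|'#'*) continue ;; esac
            # Option names are case-insensitive in ldap.conf(5).
            key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
            if [ "$key" = "$want" ]; then result=$value; fi
        done < "$f"
    done
    printf '%s' "$result"
}

# check_ldap_tls FILE...
# Returns 0 only if a CA source is set and TLS_REQCERT is demand or hard.
check_ldap_tls() {
    local ca cadir req rc=0
    ca=$(effective_tls_option TLS_CACERT "$@")
    cadir=$(effective_tls_option TLS_CACERTDIR "$@")
    req=$(effective_tls_option TLS_REQCERT "$@")
    req=${req:-demand}   # "demand" is the default when the option is unset
    if [ -z "$ca" ] && [ -z "$cadir" ]; then
        echo "FAIL: no TLS_CACERT or TLS_CACERTDIR; server cert cannot be verified"
        rc=1
    fi
    case $req in
        demand|hard) ;;
        *) echo "FAIL: TLS_REQCERT=$req does not enforce verification"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: CA configured, TLS_REQCERT=$req"; fi
    return "$rc"
}

# Run as: script.sh /etc/ldap/ldap.conf ~/ldaprc   (global file first)
if [ "$#" -gt 0 ]; then check_ldap_tls "$@"; fi
```

Given only the ldaprc quoted in the post, the check fails for lack of a CA; adding the global file with the TLS_CACERT line makes it pass.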