[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLSVerifyClient demand
- To: openldap-software@OpenLDAP.org
- Subject: Re: TLSVerifyClient demand
- From: Ralf Haferkamp <rhafer@suse.de>
- Date: Fri, 3 Dec 2004 12:35:50 +0100
- Content-disposition: inline
- In-reply-to: <1101597089.26807.6.camel@columbus.webtent.org>
- References: <1101597089.26807.6.camel@columbus.webtent.org>
- User-agent: KMail/1.7.1
On Sunday 28 November 2004 00:11, Robert Fitzpatrick wrote:
> I have all the TLS working well, but if I set the slapd.conf file on the
> server to TLSVerifyClient to demand, my SuSE workstation will not find
> users and groups in LDAP. However, I can login as root and do a
> ldapsearch -x -Z and works fine. Does this mean SuSE is not sending a
> certificate?
Did you configure nss/pam_ldap to send client certificates? For how to do that
please have a look at /etc/ldap.conf. The settings in /etc/openldap/ldap.conf
and .ldaprc don't have an effect on nss_ldap/pam_ldap.
Note: This is slightly off topic here, as nss_ldap/pam_ldap configuration is
not a topic of this list. The pam_ldap/nss_ldap lists on PADL.com might be a
better forum to discuss this.
> If so, is there a way to make the machine use one
> considering PAM and LDAP? Sure enough, if I relax the TLSVerifyClient in
> slapd.conf to try, then all works fine.
--
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com