[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLSVerifyClient demand

To: openldap-software@OpenLDAP.org
Subject: Re: TLSVerifyClient demand
From: Ralf Haferkamp <rhafer@suse.de>
Date: Fri, 3 Dec 2004 12:35:50 +0100
Content-disposition: inline
In-reply-to: <1101597089.26807.6.camel@columbus.webtent.org>
References: <1101597089.26807.6.camel@columbus.webtent.org>
User-agent: KMail/1.7.1

On Sunday 28 November 2004 00:11, Robert Fitzpatrick wrote:
> I have all the TLS working well, but if I set the slapd.conf file on the
> server to TLSVerifyClient to demand, my SuSE workstation will not find
> users and groups in LDAP. However, I can login as root and do a 
> ldapsearch -x -Z and works fine. Does this mean SuSE is not sending a
> certificate? 
Did you configure nss/pam_ldap to send client certificates? For how to do that 
please have a look at /etc/ldap.conf. The settings in /etc/openldap/ldap.conf 
and .ldaprc don't have an effect on nss_ldap/pam_ldap.
Note: This is slightly off topic here, as nss_ldap/pam_ldap configuration is 
not a topic of this list. The pam_ldap/nss_ldap lists on PADL.com might be a 
better forum to discuss this.

> If so, is there a way to make the machine use one 
> considering PAM and LDAP? Sure enough, if I relax the TLSVerifyClient in
> slapd.conf to try, then all works fine.

-- 
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com

Prev by Date: BDB memory cache problem
Next by Date: Re: BDB memory cache problem
Index(es):
- Chronological
- Thread