Quoting Howard Chu <hyc@symas.com>:
Turbo Fredriksson wrote:I've been playing with OpenSwan the last week and learned how to revoke certificates in the process. Usage of the CRL cert... In my slapd.conf's I have: TLSCACertificateFile /etc/ldap/cacert.pem TLSCertificateFile /etc/ldap/ldapsrv?_domain_tld.pub TLSCertificateKeyFile /etc/ldap/ldapsrv?_domain_tld.prv TLSVerifyClient try Where would the CRL cert fit in this? From what I can tell of the man page, nowhere.
Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.
Doesn't exist in man manual. When did that come? I'm running OpenLDAP v2.2.28.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html