
Re: openldap proxy: schema issue



"jerrrry@voila.fr" <jerrrry@voila.fr> writes:

> Hi,
>
> Thanks for your help.
[...]
> Now I'm trying to get an ldaps connection with the backend ldap server.
> I want my openldap proxy to check the backend certificate with the CA
> certificate that I put after TLSCACertificateFile.
>
> The issue is that the ldaps connection works every time without checking the
> backend server certificate.
>
> The configuration line with TLSCACertificateFile has no effect on the ssl
> connection!
>
> I saw that TLSVerifyClient makes it possible to force the certificate check of
> the client connecting to my openldap proxy, but I don't see how to force the
> openldap proxy to check the backend server certificate.

In this particular case back-ldap acts as a client, thus client-specific
configurations are read from ldap.conf.

> Then, I had 2 .cer CA certificates (a root and an intermediate) that I
> concatenated into 1 certificate. Does openldap support .cer? Or should I
> rename it to .pem?

OpenLDAP only supports pem format.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
N 53°37'10.08"
E 10°08'02.82"
GPG Key ID:8EF7B6C6
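
Added example, not part of the original message: a `.cer` file can hold either PEM text or binary DER, and renaming it does not change the encoding. This Python sketch (the function names and sample bytes are constructed for illustration) detects which encoding a concatenated root-plus-intermediate file uses and rewrites it as a PEM bundle, the form a CA file referenced by `TLS_CACERT` in ldap.conf needs.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed placeholders: well-formed DER SEQUENCEs, not real certificates.
SAMPLE_ROOT = bytes([0x30, 0x03, 0x02, 0x01, 0x01])   # short-form length
SAMPLE_INTERMEDIATE = b"\x30\x81\x80" + bytes(128)    # long-form length


def split_der(blob):
    """Split back-to-back DER objects using each outer SEQUENCE length."""
    certs, pos = [], 0
    while pos < len(blob):
        if blob[pos] != 0x30 or pos + 2 > len(blob):
            raise ValueError("offset %d: not a DER SEQUENCE" % pos)
        first = blob[pos + 1]
        if first < 0x80:                  # short form: the byte is the length
            hdr, length = 2, first
        else:                             # long form: next n bytes hold it
            n = first & 0x7F
            if n == 0 or n > 4 or pos + 2 + n > len(blob):
                raise ValueError("offset %d: bad DER length" % pos)
            hdr = 2 + n
            length = int.from_bytes(blob[pos + 2:pos + 2 + n], "big")
        end = pos + hdr + length
        if end > len(blob):
            raise ValueError("offset %d: truncated object" % pos)
        certs.append(blob[pos:end])
        pos = end
    return certs


def to_pem_bundle(blob):
    """Return (detected_format, PEM bundle) for the bytes of a .cer file."""
    blocks = PEM_BLOCK.findall(blob)
    if blocks:
        fmt = "pem"
        ders = [ssl.PEM_cert_to_DER_cert(b.decode("ascii")) for b in blocks]
    else:
        fmt, ders = "der", split_der(blob)
    if not ders:
        raise ValueError("no certificates found")
    return fmt, "".join(ssl.DER_cert_to_PEM_cert(d) for d in ders)


if __name__ == "__main__":
    fmt, bundle = to_pem_bundle(SAMPLE_ROOT + SAMPLE_INTERMEDIATE)
    print(fmt, bundle.count("BEGIN CERTIFICATE"), "certificates")
    print(bundle, end="")
```

The functions only re-encode the bytes; they do not check that the content is a valid X.509 certificate or that the intermediate chains to the root.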