>>> I found out that the problem was double encrypting of the connection:
>>
>> What does it mean "double encrypting of the connection"?
>>
>> This makes much more sense: your TLS configuration is broken. Are you
>> using a self-signed certificate? Or, is your certificate signed by the
>> CA to whom the certificate pointed by TLSCACertificateFile belongs?
>
> It works now if I set TLSVerifyClient to max. allow on the consumer
> side. All stronger configurations end in: CA unknown.
>
> Thanks anyway
>
> Angela
> Here are the concerning parts of the slapd.conf:
>
> *****************************************************************
> master:
> ...
> TLSCACertificateFile /etc/ldap/certs/cacert.pem
> TLSCACertificatePath /etc/ldap/certs
> TLSCertificateFile /etc/ldap/certs/erde.aag_cert.pem
> TLSCertificateKeyFile /etc/ldap/certs/erde.aag_key.pem
>
> TLSVerifyClient demand
>
> *****************************************************************
> slave:
>
> TLSCACertificateFile /etc/ldap/certs/cacert.pem
> TLSCACertificatePath /etc/ldap/certs
> TLSCertificateFile /etc/ldap/certs/mond.aag_cert.pem
> TLSCertificateKeyFile /etc/ldap/certs/mond.aag_key.pem
>
> ################## TLSVerifyClient demand ##################
>
> This has to be set to max allow.
... to disallow certificate checking. Fine if that's what you want.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:  +39.02.23998309
Mobile:  +39.333.4963172
Email:   pierangelo.masarati@sys-net.it
------------------------------------------
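The check behind the "CA unknown" failure and the "allow" workaround, as an added example that is not part of the thread and not OpenLDAP code: the script below generates throwaway certificates with the openssl CLI, asks the same question slapd asks under TLSVerifyClient demand (does the peer certificate chain to the CA in TLSCACertificateFile?), and then shows what each TLSVerifyClient setting does with the answer, following the behaviour documented in slapd.conf(5). The CA name "aag", the leaf name "mond.aag" and the file naming mirror the thread; the second CA "other", the scratch directory and the helper function names are assumptions made for the example, and nothing here reads or writes /etc/ldap/certs.

```shell
#!/bin/sh
# Added example, not from the thread and not OpenLDAP code. Reproduces the
# verification slapd performs when TLSVerifyClient is "demand" and shows why
# "allow" makes the error disappear. All certificates are generated on the fly
# in a scratch directory; "other" is an assumed second CA that stands in for a
# certificate issued by the wrong CA.
set -eu

WORK=${WORK:-$(mktemp -d)}

# Minimal openssl config so the result does not depend on the system openssl.cnf.
cat >"$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

# gen_ca NAME: self-signed CA written to $WORK/NAME.pem and $WORK/NAME.key
gen_ca() {
  openssl req -config "$WORK/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1 CA" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# gen_leaf NAME ISSUER: end-entity certificate for NAME signed by CA ISSUER,
# written to $WORK/NAME_cert.pem and $WORK/NAME_key.pem (the thread's naming)
gen_leaf() {
  openssl req -config "$WORK/ca.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$WORK/$1_key.pem" -out "$WORK/$1.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -out "$WORK/$1_cert.pem" >/dev/null 2>&1
}

# chains_to_ca CAFILE CERT: returns 0 if CERT verifies against CAFILE, 1 otherwise.
# This is the check slapd makes against TLSCACertificateFile. The "OK" line is
# grepped rather than trusting the exit status, which older openssl releases
# did not set on failure.
chains_to_ca() {
  if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; then
    return 0
  fi
  return 1
}

# session_accepted MODE STATE: models TLSVerifyClient as documented in
# slapd.conf(5). MODE is never|allow|try|demand, STATE is none|good|bad
# (no certificate presented, chains to the CA, does not chain). Prints
# "accept" or "reject".
session_accepted() {
  case "$1:$2" in
    never:*)     echo accept ;;  # certificate is not even requested
    allow:*)     echo accept ;;  # requested, but a missing or bad one is ignored
    try:none)    echo accept ;;  # optional, but if presented it must verify
    try:*)       echo reject ;;
    demand:good) echo accept ;;  # must be present and must chain to the CA
    demand:*)    echo reject ;;
    *)           echo "unknown TLSVerifyClient mode: $1" >&2; return 2 ;;
  esac
}

# Stand-alone demo: one certificate from the right CA, one from a stranger CA.
demo() {
  gen_ca aag
  gen_ca other
  gen_leaf mond.aag aag
  gen_leaf stranger other
  for c in mond.aag stranger; do
    if chains_to_ca "$WORK/aag.pem" "$WORK/${c}_cert.pem"; then state=good; else state=bad; fi
    for mode in allow try demand; do
      printf '%-10s cert=%-4s TLSVerifyClient %-6s -> %s\n' "$c" "$state" "$mode" \
        "$(session_accepted "$mode" "$state")"
    done
  done
  echo "scratch certificates left in $WORK"
}

demo
```

Run it with a stock openssl binary; the "stranger" certificate is rejected under demand and try exactly as the thread describes, and only "allow" lets it through because that setting ignores the verification result rather than making it succeed. To diagnose a real deployment, point chains_to_ca at the real cacert.pem and the peer's *_cert.pem: if that prints a failure, the certificate was not issued by the CA slapd is configured to trust, and relaxing TLSVerifyClient only hides it.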