[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem when activation TLSVerifyClient demand

To: openldap-software@openldap.org
Subject: Problem when activation TLSVerifyClient demand
From: JOYDEEP <j.bakshi@unlimitedmail.org>
Date: Mon, 12 Mar 2007 14:30:03 +0530
User-agent: Thunderbird 1.5 (X11/20060317)

dear list,

I have no problem to execute the command
                       
                        ldapsearch -H ldaps://  -u  "uid=anupam" -x

here is my TLS part of slapd.conf
----------------------------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile            /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
TLSCACertificateFile         /etc/openldap/myca/cacert.pem
TLSVerifyClient  never
-----------------------------------------------------------

Now when I change the [TLSVerifyClient  never]   to    
[TLSVerifyClient  demand]
and try to execute the same command  *  ldapsearch -H ldaps://  -u 
"uid=anupam" -x  *
it gives errors like

ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Could any one suggest  the problem I have here and the solution please ?

Follow-Ups:
- Re: Problem when activation TLSVerifyClient demand
  - From: Greg Martin <gmartin@gmartin.org>

Prev by Date: How to restrict user authentication in ldapsearch ?
Next by Date: Re: LDAP/BDB log purging
Index(es):
- Chronological
- Thread