
Re: Client auth to slapd TLS issues



Philip Bellino wrote:
Hello,
Running openldap -2-3-32 with SLAPD on a linux server.
Also running openldap-2-3.32 on a linux client.


slapd.conf includes:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/newkey.pem
TLSVerifyClient never (or allow)


Issue1: Here is the debug output from the openldap code if the ldap.conf file has the following in it when I try authentication:

TLS_CACERT cacert.pem
TLS_CACERTDIR /usr/local/etc/openldap/

All of the TLS cert-related directives take fully qualified pathnames. There is no relation between TLS_CACERT and TLS_CACERTDIR; just put the full path to the cacert.pem in TLS_CACERT. Read the Admin Guide, Chapter 12.


Can anyone tell me why I get this error?

Any help would be most appreciated.
Thanks,
Phil Bellino
============================
Phil Bellino
MRV Communications, Inc.
Boston Product Division
295 Foster St.
Littleton, MA 01460
Tel: (978)952-4807
Email: pbellino@mrv.com
============================





--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
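
A small check for the point made in the reply above, added here as an example and not part of the original thread or of OpenLDAP: it flags TLS path options in ldap.conf text that are not fully qualified, and notes when a relative TLS_CACERT sits next to a TLS_CACERTDIR. The function name `lint_ldap_conf` and both sample texts are constructed for illustration.

```python
import posixpath

# ldap.conf(5) options that name a certificate/key file or directory.
TLS_PATH_OPTIONS = {"TLS_CACERT", "TLS_CACERTDIR", "TLS_CERT", "TLS_KEY"}

# Constructed samples: the client settings quoted in the thread, and a corrected form.
SAMPLE_BROKEN = "TLS_CACERT cacert.pem\nTLS_CACERTDIR /usr/local/etc/openldap/\n"
SAMPLE_FIXED = "# CA that signed the slapd certificate\nTLS_CACERT /usr/local/etc/openldap/cacert.pem\n"


def lint_ldap_conf(text):
    """Return a list of (line_number, option, value, problem) tuples."""
    findings, settings = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        name = parts[0].upper()
        if name not in TLS_PATH_OPTIONS:
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[name] = (lineno, value)
        if not posixpath.isabs(value):
            findings.append((lineno, name, value, "not a fully qualified pathname"))

    # TLS_CACERTDIR is not a base directory for TLS_CACERT; suggest the full path
    # the admin most likely meant (a suggestion only, the file may live elsewhere).
    if "TLS_CACERT" in settings and "TLS_CACERTDIR" in settings:
        lineno, cacert = settings["TLS_CACERT"]
        cadir = settings["TLS_CACERTDIR"][1]
        if cacert and not posixpath.isabs(cacert) and posixpath.isabs(cadir):
            hint = posixpath.join(cadir, cacert)
            findings.append((lineno, "TLS_CACERT", cacert,
                             "TLS_CACERTDIR is unrelated; if the file is there, use " + hint))
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_conf(SAMPLE_BROKEN):
        print("line %d: %s %s: %s" % finding)
```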