I got my configuration working.
I have a ca.crt (a root cert from CAcert.org; you could create your own ca.crt), a server.key, and a server.crt (signed by ca.crt),
all set up in the slapd.conf file.
I have ca.crt set up in the ldap.conf file on the slave.
I happen to have TLS_VERIFY NEVER set, but I'm not sure that matters. I also have TLS_REQCERT ALLOW set, but because of the above it's not used in the ldap.conf.
I've set this up on Fedora, MDK, and OpenSolaris.
Sellers

On Dec 21, 2007, at 12:19 PM, Quanah Gibson-Mount wrote:

--On December 21, 2007 9:07:20 AM -0800 Quanah Gibson-Mount <quanah@zimbra.com> wrote:

>
>
> --On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <rumi_ml@rtfm.hu>
> wrote:
>> And at the clients:
>>
>> tls_cacertfile /etc/ssl/certs/CA.pem
>># tls_cacertdir /etc/ssl/certs
>> tls_cert /etc/openldap/ssl/ldap-client.crt
>> tls_key /etc/openldap/ssl/ldap-client.key
>>
>> Is this wrong?
>
> I've run into issues on some platforms, where I had to use the
> TLS_CACERTDIR directive in slapd.conf

Err, in ldap.conf or .ldaprc, I mean. ;)

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration

______________________________________________
Chris G. Sellers | NITLE Technology |
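An added example, not part of the thread: a small Python check that reads a client ldap.conf and reports whether the server certificate is actually verified, using the TLS_REQCERT level meanings from ldap.conf(5). The sample file contents and paths are constructed for illustration.

```python
# TLS_REQCERT levels per ldap.conf(5): (server cert must validate?, client behaviour)
REQCERT = {
    "never":  (False, "server certificate is not requested or checked"),
    "allow":  (False, "a bad or missing certificate is ignored"),
    "try":    (False, "a missing certificate is accepted; a bad one ends the session"),
    "demand": (True,  "a valid certificate is required"),
    "hard":   (True,  "a valid certificate is required"),
}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return findings about server-certificate verification in one ldap.conf."""
    opts = parse_ldap_conf(text)
    findings = []
    # "demand" is the documented default when TLS_REQCERT is absent.
    level = opts.get("TLS_REQCERT", "demand").lower()
    strict, meaning = REQCERT.get(level, (False, "unrecognized level"))
    if not strict:
        findings.append(f"TLS_REQCERT {level}: {meaning}")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR: no trust anchor configured here")
    return findings

# Constructed sample configs (paths are placeholders).
WEAK = "TLS_CACERT /etc/openldap/ca.crt\nTLS_REQCERT ALLOW\n"
STRICT = "TLS_CACERT /etc/openldap/ca.crt\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit(conf) or "server certificate is verified against the CA")
```

With the CA file in place, moving the client from `allow` to `demand` is what makes a certificate that does not chain to ca.crt fail the connection instead of being silently accepted.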