[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS problems with openldap



LÃVAI DÃniel <leva@ecentrum.hu> writes:

> On Monday 27 October 2008 16.36.41 Philip Guenther wrote:
>> On Mon, 27 Oct 2008, LÃVAI DÃniel wrote:
>> ...
[...]
>>
>> There are two ways to use LDAP with TLS/SSL:
>> 1) start the connection in cleartext and then use the StartTLS
>> extended-op to initiate a TLS layer, or
>> 2) negotiate a TLS/SSL layer immediately after connecting.
>>
> Alright, understood! Thanks!
>
>> The former is requested using the "ldap://"; schema with the -Z option
>> and is normally run on port 389.  The latter is requested using the
>> "ldaps://" schema and is normally run on port 636.  These are
>> distinct protocols: the client and server have to be talking the same
>> one or it just won't work.
>>
[...]

> With both ldapsearch(1) commands, I've been asked for my password, and I 
> typed something bogus intentionally, in the hope of getting the invalid 
> credentials message, but unfortunatelly, I didn't get it.

This sounds as if you have not removed the private part from the key,
see man rsa(1), pkcs8(1).
How did you create the certificates?

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53Â08'09,95"N
10Â08'02,42"E