Re: Client says Can't contact LDAP server, but it can!
On Fri, Jul 25, 2008 at 10:20:55AM +0200, Buchan Milne wrote:
> On Friday 25 July 2008 01:13:37 John Oliver wrote:
> > On Thu, Jul 24, 2008 at 04:04:10PM -0700, Quanah Gibson-Mount wrote:
> > > Any client will need to know about the CA that signed your self-signed
> > > cert.
> >
> > I created my certificate with:
> >
> > openssl req -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout
> > /etc/openldap/ssl/ldap.pem -days 3650
> >
> > In slapd.conf I have:
> >
> > TLSCertificateFile /etc/ssl/ldap.pem
> > TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
> > TLSCACertificateFile /etc/ssl/ldap.pem
> >
> > What do I need to do differently?
>
> Configure the *client* ???
The clients work perfectly with the working server. Why would they have
to have a different configuration to talk to the backup LDAP server?
That would pretty much defeat the purpose of having multiple LDAP
servers ;-)
> Now, unless you've split the cert out separately, you're most likely going to
> be exposing the private key as well, which means there's pretty much no point
> to your encryption ....
To be honest, I have no idea about "splitting the cert". I know nothing
about OpenSSL. At the moment, I'm far more interested in getting the
second LDAP server working than I am in having perfect security. None
of these systems are on a public network.
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
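The two points raised in the quoted reply, that a client only verifies a server whose signing CA it already trusts (for a self-signed cert, that is the server cert itself) and that a file handed out as a CA certificate must never carry the private key, can both be checked mechanically. The following Python is an added example, not code from this thread or from OpenLDAP/OpenSSL; the PEM contents are constructed placeholders rather than real DER, and `client_trusts_server` models only the self-signed case by comparing certificate blocks byte for byte instead of validating a signature chain.

```python
import re
from typing import Dict, List

# One PEM block: a label such as "CERTIFICATE", "PRIVATE KEY" or "RSA PRIVATE KEY"
# followed by a base64 body, terminated by the matching END line.
_PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


def split_pem(text: str) -> Dict[str, List[str]]:
    """Group the PEM blocks found in `text` by label.

    Each block is re-emitted with its original line wrapping, so the result can be
    written straight back to a file that OpenSSL or slapd will read.
    """
    groups: Dict[str, List[str]] = {}
    for m in _PEM_BLOCK.finditer(text):
        label = m.group("label")
        lines = [ln.strip() for ln in m.group("body").splitlines() if ln.strip()]
        block = f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"
        groups.setdefault(label, []).append(block)
    return groups


def contains_private_key(text: str) -> bool:
    """True if any block is a private key (PKCS#8 'PRIVATE KEY', 'RSA PRIVATE KEY', ...)."""
    return any("PRIVATE KEY" in label for label in split_pem(text))


def certificates_only(text: str) -> str:
    """The certificate blocks alone: the only material a TLSCACertificateFile on the
    server, or a TLS_CACERT bundle on a client, should ever contain."""
    return "".join(split_pem(text).get("CERTIFICATE", []))


def _canonical(block: str) -> str:
    # Whitespace-insensitive form of one block; sufficient to decide "same certificate".
    return "".join(block.split())


def client_trusts_server(client_ca_bundle: str, server_cert_pem: str) -> bool:
    """A self-signed server certificate is its own CA, so the client's CA bundle must
    contain that exact certificate or the TLS handshake will fail verification."""
    trusted = {_canonical(b) for b in split_pem(client_ca_bundle).get("CERTIFICATE", [])}
    served = split_pem(server_cert_pem).get("CERTIFICATE", [])
    return bool(served) and all(_canonical(c) in trusted for c in served)


# --- Constructed sample data (base64 bodies are placeholders, not real DER) ---
SERVER1_CERT = """-----BEGIN CERTIFICATE-----
MIIDAjCCAeqgAwIBAgIJAPLACEHOLDER1
server1-self-signed
-----END CERTIFICATE-----
"""
SERVER2_CERT = """-----BEGIN CERTIFICATE-----
MIIDAjCCAeqgAwIBAgIJAPLACEHOLDER2
server2-self-signed
-----END CERTIFICATE-----
"""
# What a file looks like when key and certificate were written to the same path.
SERVER1_COMBINED = """-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCPLACEHOLDER
-----END PRIVATE KEY-----
""" + SERVER1_CERT
# A client CA bundle built from the first server only (hypothetical).
CLIENT_CA_BUNDLE = SERVER1_CERT


if __name__ == "__main__":
    print("combined file leaks key:", contains_private_key(SERVER1_COMBINED))
    print("cert-only copy leaks key:", contains_private_key(certificates_only(SERVER1_COMBINED)))
    print("client trusts server 1:", client_trusts_server(CLIENT_CA_BUNDLE, SERVER1_CERT))
    print("client trusts server 2:", client_trusts_server(CLIENT_CA_BUNDLE, SERVER2_CERT))
```

The last line of the demo is the situation in this thread: a second server with its own self-signed certificate is not covered by a client bundle that only knows the first, so either the backup server's certificate is appended to every client's CA file, or both servers are issued certificates by one CA that the clients already trust.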