[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Solaris 10 native Client with TLS to OpenLDAP

To: openldap-technical@openldap.org
Subject: Re: Solaris 10 native Client with TLS to OpenLDAP
From: John Gee <john@kleinfeld.ch>
Date: Wed, 8 Oct 2008 08:08:28 +0200
Content-disposition: inline
In-reply-to: <87fxn88bye.fsf@rubin.l4b.de>
References: <20081007164812.GA536@sandbox.kleinfeld.ch> <87fxn88bye.fsf@rubin.l4b.de>
User-agent: Mutt/1.4.2.2i

Thanks for your reply Dieter.

On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
> John Gee <john@kleinfeld.ch> writes:
> 
> > -( solaris 10 - client )----
> >
[...]
> > # list cert-db
> >   certutil -L -d /var/ldap
> >   ca-cert                                                    CT,,
> >   ldap02.kleinfeld.ch                                        C,,
> >   ldap01.kleinfeld.ch                                        C,,
> 
> The server presents the server certificate (ldap01.kleinfeld.ch),
> the ldap client presents the CA but the server expects a client
> certificate. Change slapd.conf not to verfiy a client certificate.

Well, i already have  "TLSVerifyClient never" entry in slapd.conf.
I think there must be a option on client side (Solaris 10 native 
client). When using openLDAP Client with the following options in 
ldap.conf it works (but not with the native client)
TLS_CACERT /etc/ssl/certs/cacert.pem 
TLS_REQCERT never 

- John

Follow-Ups:
- Re: Solaris 10 native Client with TLS to OpenLDAP
  - From: Dieter Klünter <dieter@dkluenter.de>

References:
- Solaris 10 native Client with TLS to OpenLDAP
  - From: John Gee <john@kleinfeld.ch>
- Re: Solaris 10 native Client with TLS to OpenLDAP
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: problem searching directory for a certificate
Next by Date: ldapadd error
Index(es):
- Chronological
- Thread