Re: Solaris 10 native Client with TLS to OpenLDAP
Hello John,
On Wednesday, 08.10.2008, at 08:08 +0200, John Gee wrote:
> Thanks for your reply Dieter.
>
> On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
> > John Gee <john@kleinfeld.ch> writes:
> >
> > > -( solaris 10 - client )----
> > >
> [...]
> > > # list cert-db
> > > certutil -L -d /var/ldap
> > > ca-cert CT,,
> > > ldap02.kleinfeld.ch C,,
> > > ldap01.kleinfeld.ch C,,
> >
> > The server presents the server certificate (ldap01.kleinfeld.ch),
> > the ldap client presents the CA but the server expects a client
> > certificate. Change slapd.conf not to verify a client certificate.
I just had to switch to my Solaris box in order to test ldapclient. I am
referring to your initial mail now.

With certutil you created a certificate database which includes the server
certificates, these are presented to the ldap server as client
certificates. Remove these server certificates from the repository and
just leave the ca-cert in order to verify the server certificate. This
setup I just tested successfully on my Solaris box.
-Dieter
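
The cleanup described in the message above, as an added example that is not part of the original mail: it reads a `certutil -L` listing and prints the `certutil -D` commands that would leave only the CA certificate in the database. The function name `plan_cleanup` is hypothetical, and the sample listing is constructed from the one quoted in the thread.

```shell
#!/bin/sh
# Added example: plan the cleanup of an NSS certificate database so that
# only the CA certificate remains. Commands are printed, not executed.

# Constructed sample, modelled on the `certutil -L -d /var/ldap` listing
# quoted in the thread.
SAMPLE_LISTING='ca-cert CT,,
ldap02.kleinfeld.ch C,,
ldap01.kleinfeld.ch C,,'

# plan_cleanup DBDIR KEEP_NICKNAME   (hypothetical helper; listing on stdin)
# Prints one `certutil -D` command for every entry except KEEP_NICKNAME.
plan_cleanup() {
    awk -v db="$1" -v keep="$2" '
        # Entry lines end with a trust field: SSL,S/MIME,code-signing flags.
        # Header and blank lines of real certutil output do not match.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[A-Za-z,]+[ \t]*$/, "", nick)  # drop the trust field
            sub(/^[ \t]+/, "", nick)                  # drop leading blanks
            if (nick != keep)
                printf "certutil -D -d %s -n \"%s\"\n", db, nick
        }'
}

# Stand-alone run on the constructed listing; on a real client the input
# would come from: certutil -L -d /var/ldap
printf '%s\n' "$SAMPLE_LISTING" | plan_cleanup /var/ldap ca-cert
```

Back up the database directory before running the printed commands, then confirm with `certutil -L -d /var/ldap` that only `ca-cert` is left.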