[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP with SSL
Hi,
there are 2 possible solutions.
1st: each client need the correct cert that he can connect.
2nd: if you wanna use ist like "ssl webpages", you need to set this in
slapd.conf
(disables client cert checking)
TLSVerifyClient never
regards
Am 04.12.2009 11:16, schrieb Chamith Kumarage:
> Hi Folks,
>
> I have setup openldap with SSL and i'm using self signed certs. I have
> included the following in my slapd.conf.
>
> TLSCipherSuite HIGH:MEDIUM:-SSLv2
> TLSCACertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateKeyFile /etc/ldap/ssl/server.pem
> TLSVerifyClient demand
>
> and in my ldap.conf I have;
>
> HOST <my_ip>
> PORT 636
> TLS_REQCERT /etc/ldap/ssl/server.pem
>
>
> When I start the service, I see port 636 is up and I can even telnet to
> it. But I cannot perform any ldap operations there.
>
> Any help would be appreciated!
>
> Thanks,
> ~Chamith
>
>