[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Communicate from php/apache to openLDAP over LDAPS

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: Communicate from php/apache to openLDAP over LDAPS
From: Howard Chu <hyc@symas.com>
Date: Fri, 11 Jun 2010 12:09:59 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <878w6l39cm.fsf@magenta.l4b.de>
References: <AANLkTimZdDamAxBQlKaq9nZugTkpOFxDRg2K7OEHotKU@mail.gmail.com> <C077F5CF-3E9A-4562-8D34-451AB6C9B38A@u-pec.fr> <AANLkTimeVtXNYoDpHjoVBb_2u1QbsN563eKIX1nNt-Ha@mail.gmail.com> <4C11301F.3010009@symas.com> <5BE8F969-F3A3-4A72-A9E6-76D555D8ED58@internode.on.net> <AANLkTiluv2nON6LY_RkH6uCYRRi1iEvkLtBjY4b8Mm9H@mail.gmail.com> <20100611114729.0a3f4309@magenta.l4b.de> <AANLkTilCH4tOLrfKIZD6CTulKVS74G_7h7CtE8gVLwjX@mail.gmail.com> <87d3vx3euw.fsf@magenta.l4b.de> <AANLkTimdAJ-K_iuMp1andGnMVGz_mbrPxcVzSxAXzsfD@mail.gmail.com> <878w6l39cm.fsf@magenta.l4b.de>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.3a5pre) Gecko/20100607 Firefox 3.6

Dieter Kluenter wrote:

Jérémy ESCOLANO<jeremyescolano@gmail.com>  writes:

I see, so I need to configure the Apache server to make it able verify
the ldap server certificate by using the certificate authority.  That
is what  I don't know how to do it.  If it can help, here is the error
I get :

SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
s3_srvr:2471


You have configured slapd to request a client certificate which the
client does not provide, just set TLSVerifyClient never in slapd.conf
and TLS_REQCERT try (or demand) in ldap.conf or any other client
configuration file.

Just don't specify TLS_REQCERT at all in ldap.conf. The default is demand andshould not be changed.

In all of this thread no one has asked or stated what version of OpenLDAP isbeing used...


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Communicate from php/apache to openLDAP over LDAPS
  - From: Jérémy ESCOLANO <jeremyescolano@gmail.com>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Thierry Lacoste <lacoste@u-pec.fr>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Jérémy ESCOLANO <jeremyescolano@gmail.com>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Howard Chu <hyc@symas.com>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Indexer <indexer@internode.on.net>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Jérémy ESCOLANO <jeremyescolano@gmail.com>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Jérémy ESCOLANO <jeremyescolano@gmail.com>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: Jérémy ESCOLANO <jeremyescolano@gmail.com>
- Re: Communicate from php/apache to openLDAP over LDAPS
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: Delta-syncrepl and delay in replication
Next by Date: Re: Restricting client access using pam_groupdn with dynamic groups : Was[Re: restrict host login based on group]
Index(es):
- Chronological
- Thread