On 07/07/2010 11:17 AM, Cedric Jeanneret wrote:
> Hello, I'm trying to configure an openldap with TLS so that all connections are encrypted.
>
> Here's the relevant part of my slapd.conf:
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv3
> TLSVerifyClient never
> TLSCertificateFile /etc/ldap/ssl/server.crt
> TLSCertificateKeyFile /etc/ldap/ssl/server.key
>
> Here's my ldap.conf:
>
> URI ldaps://my.server.ltd
> BASE dc=my,dc=server,dc=ltd
> LDAP_VERSION 3
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
> ssl start_tls
> ssl on
> TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3

Add TLS_REQCERT allow to your ldap.conf. See the ldap.conf man page for more information.

Regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email    : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa

Quinta da Torre
2829-516 Caparica
Portugal

Telefone: +351 212948596
Fax: +351 212948548
www.fct.unl.pt
apoio@fct.unl.pt

fct.unl.pt:~# _
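
For reference on what the `TLS_REQCERT` levels mean on the client side, an added example (not part of the original thread): a shell function that reads one ldap.conf and reports whether the effective level still ends the session on an invalid server certificate. Per ldap.conf(5), `never` and `allow` let the session proceed with a bad certificate, while `try` and `demand` (the default) terminate it. The function looks only at the file it is given and assumes a later line overrides an earlier one.

```shell
#!/bin/sh
# Added example: report the effective TLS_REQCERT level of one ldap.conf file.
# Exit status 0 = an invalid server certificate ends the session,
#             1 = it is accepted (or the level is not recognised).
audit_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { key = toupper($1) }                   # option names are case-insensitive
        key == "TLS_REQCERT" { level = tolower($2) }   # assumed: last line wins
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = 1 }
        END {
            if (level == "") level = "demand"   # default when the option is unset
            if (level == "hard") level = "demand"
            print "effective TLS_REQCERT: " level
            if (!ca)
                print "NOTE: no TLS_CACERT/TLS_CACERTDIR set in this file"
            if (level == "never" || level == "allow") {
                print "WEAK: a bad server certificate is ignored and the session proceeds"
                exit 1
            }
            if (level != "try" && level != "demand") {
                print "UNKNOWN: unrecognised TLS_REQCERT level"
                exit 1
            }
        }
    ' "$1"
}

# Constructed sample: the URI from the thread plus the suggested setting.
sample=$(mktemp)
printf '%s\n' 'URI ldaps://my.server.ltd' 'TLS_REQCERT allow' > "$sample"
audit_ldap_conf "$sample" || echo "-> certificate verification is not enforced"
rm -f "$sample"
```
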