[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcTLSVerifyClient: demand not taking effect

To: Peter Wood <peterwood.sd@gmail.com>
Subject: Re: olcTLSVerifyClient: demand not taking effect
From: Jan Vcelak <jvcelak@redhat.com>
Date: Tue, 13 Mar 2012 14:53:49 -0400 (EDT)
Cc: Quanah Gibson-Mount <quanah@zimbra.com>, OpenLDAP Tech <openldap-technical@openldap.org>
In-reply-to: <CAEGK5+m=02yhiGEX+gs2-ENjtaSL5A+Z=4RYbfAJGJ9EG77gEQ@mail.gmail.com>

> Is there anything else I have to set on the server to get StartTLS
> working?

Check "man ldapsearch" for -Z[Z] option.

If you want to enforce StartTLS, set appropriate SSF with olcSecurity:

$ ldapsearch -x -H ldap://server
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required

$ ldapsearch -x -ZZ -H ldap://server
...
# search result
...

References:
- Re: olcTLSVerifyClient: demand not taking effect
  - From: Peter Wood <peterwood.sd@gmail.com>

Prev by Date: Re: OPENLDAP SYNCREPL
Next by Date: Re: olcTLSVerifyClient: demand not taking effect
Index(es):
- Chronological
- Thread