Full_Name: Tiziano Müller
Version: 2.4.10
OS: Gentoo Linux 2008.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.126.163.234)

I've generated certificates for the server and a client using my own CA. The following works:
* client checks server certificate
* server checks client certificate

Nevertheless, the following kept appearing in the log:

2008-06-18T13:49:13.135510+02:00 localhost slapd[1771]: connection_read(14): unable to get TLS client DN, error=-4 id=1

And I was therefore not able to use SASL/EXTERNAL.
When I rebuilt OpenLDAP with OpenSSL instead of GnuTLS it suddenly worked (while not changing anything else).
The certificates have been generated using OpenSSL (even though this shouldn't matter).