--On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs rumi_ml@rtfm.hu wrote:
And at the clients:
tls_cacertfile /etc/ssl/certs/CA.pem # tls_cacertdir /etc/ssl/certs tls_cert /etc/openldap/ssl/ldap-client.crt tls_key /etc/openldap/ssl/ldap-client.key
Is this wrong?
I've run into issues on some platforms, where I had to use the TLS_CACERTDIR directive in slapd.conf, and then have a x509 hash in the ca dir. This seems to be related to some issue inside of OpenSSL. As others have noted, make sure that you can get ldapsearch -ZZ to work first.
[build@build01 zimbra]$ cat .ldaprc TLS_CACERTDIR /opt/zimbra/conf/ca
[build@build01 ca]$ pwd /opt/zimbra/conf/ca [build@build01 ca]$ ls -l total 8 lrwxrwxrwx 1 root root 6 Dec 18 12:37 3f8945a0.0 -> ca.pem -rw-r--r-- 1 root root 891 Dec 18 12:37 ca.key -rw-r--r-- 1 root root 976 Dec 18 12:37 ca.pem
for example.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration