I got my configuration working
I have a ca.crt (a root cert from CAcert.org, you could create your own ca.crt) I have a server.key I have a server.crt (signed by ca.crt)
all setup in the slapd.conf file
I have ca.crt setup in the ldap.conf file on the slave
I happen to have TLS_VERIFY NEVER set, but I'm not sure that matters. I also have TLS_REQCERT ALLOW set, but because of above it's not used in the ldap.conf
I've set this up on Fedora, MDK, and OpenSolaris.
Sellers
On Dec 21, 2007, at 12:19 PM, Quanah Gibson-Mount wrote:
--On December 21, 2007 9:07:20 AM -0800 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <rumi_ml@rtfm.hu
wrote:
And at the clients:
tls_cacertfile /etc/ssl/certs/CA.pem # tls_cacertdir /etc/ssl/certs tls_cert /etc/openldap/ssl/ldap-client.crt tls_key /etc/openldap/ssl/ldap-client.key
Is this wrong?
I've run into issues on some platforms, where I had to use the TLS_CACERTDIR directive in slapd.conf
Err, in ldap.conf or .ldaprc, I mean. ;)
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
______________________________________________ Chris G. Sellers | NITLE Technology 734.661.2318 | chris.sellers@nitle.org AIM: imthewherd | GTalk: cgseller@gmail.com