Re: Sync Replication via TLS/SSL - get bind err
I got my configuration working
I have a ca.crt (a root cert from CAcert.org, you could create your
own ca.crt)
I have a server.key
I have a server.crt (signed by ca.crt)
all setup in the slapd.conf file
I have ca.crt setup in the ldap.conf file on the slave
I happen to have TLS_VERIFY NEVER set, but I'm not sure that matters.
I also have TLS_REQCERT ALLOW set, but because of above it's not used
in the ldap.conf
I've set this up on Fedora, MDK, and OpenSolaris.
Sellers
On Dec 21, 2007, at 12:19 PM, Quanah Gibson-Mount wrote:
--On December 21, 2007 9:07:20 AM -0800 Quanah Gibson-Mount
<quanah(a)zimbra.com> wrote:
>
>
> --On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <rumi_ml(a)rtfm.hu
>
> wrote:
>> And at the clients:
>>
>> tls_cacertfile /etc/ssl/certs/CA.pem
>># tls_cacertdir /etc/ssl/certs
>> tls_cert /etc/openldap/ssl/ldap-client.crt
>> tls_key /etc/openldap/ssl/ldap-client.key
>>
>> Is this wrong?
>
> I've run into issues on some platforms, where I had to use the
> TLS_CACERTDIR directive in slapd.conf
Err, in ldap.conf or .ldaprc, I mean. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
______________________________________________
Chris G. Sellers | NITLE Technology
734.661.2318 | chris.sellers(a)nitle.org
AIM: imthewherd | GTalk: cgseller(a)gmail.com
Attachments:
- attachment.htm (text/html — 4.2 KB)