I got my configuration working

I have a ca.crt (a root  cert from CAcert.org, you could create your own ca.crt)
I have a server.key     
I have a server.crt (signed by ca.crt)

all setup in the slapd.conf file

I have ca.crt setup in the ldap.conf file on the slave

I happen to have TLS_VERIFY NEVER set, but I'm not sure that matters.
I also have TLS_REQCERT ALLOW set, but because of above it's not used in the ldap.conf

I've set this up on Fedora, MDK, and OpenSolaris.


On Dec 21, 2007, at 12:19 PM, Quanah Gibson-Mount wrote:

--On December 21, 2007 9:07:20 AM -0800 Quanah Gibson-Mount
<quanah@zimbra.com> wrote:

> --On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <rumi_ml@rtfm.hu>
> wrote:
>> And at the clients:
>> tls_cacertfile /etc/ssl/certs/CA.pem
>># tls_cacertdir /etc/ssl/certs
>> tls_cert /etc/openldap/ssl/ldap-client.crt
>> tls_key /etc/openldap/ssl/ldap-client.key
>> Is this wrong?
> I've run into issues on some platforms, where I had to use the
> TLS_CACERTDIR directive in slapd.conf

Err, in ldap.conf or .ldaprc, I mean. ;)



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration

Chris G. Sellers | NITLE Technology
AIM: imthewherd | GTalk: cgseller@gmail.com