Alex Samad wrote:
Hi
I am trying to build a network of ldap nodes sync with syncrepl using x509 certificates.
I ran into a problem when I setup the first slace node, I create a certificate that did not have SSL Client purpose, but did have SSL Server purpose - I am presuming it is this, because 2 certificates made exactly the same way, 1 fails
- the non SSL Client and the other works the one that has the SSL Client purpose.
I am presuming that I need both purposes SSL Server and SSL Client - the former to allow ldaps usage and the later for making ldap request and being a client in a syncrepl scenario.
Is there
a) a way to specify another certificate to use in the syncrepl config
In OpenLDAP 2.4, yes. Read the manpage.
b) a way to not check for the SSL Client purpose in the certificate
That's a function of the SSL library; I would guess not.
For now I am going to create on that has both purposes ...
Alex