Hello, Thanks for your reply. I created a client certificate and key and on the client machine added TLS_CACERT, TLS_CERT, and TLS_KEY options. I ensured the key permissions are world readable and tried another ldapsearch. I am getting the same error, can not connect. On the server if i switch TLSVerifyClient from demand to never it works fine. I'd like to have both the client and server verify each other, or is there a better way of doing this? Thanks. Dave.
----- Original Message ----- From: "Michael Ströder" michael@stroeder.com To: openldap-software@openldap.org Sent: Thursday, February 14, 2008 10:24 AM Subject: Re: openldap and tls
Dave wrote:
When you say client i'm assuming your refering to the ldap client,
Yes.
configuration file /usr/local/etc/openldap/ldap.conf,
Concerning what the server slapd requires to come from the client is configured in the server's configuration.
Michael Ströder wrote:
See man 5 slapd.conf for learning about what option TLSVerifyClient means.
You should take my advice more literally. I'm not inventing comments just for fun. Please first check TLSVerifyClient in your slapd.conf.
Ciao, Michael.