Hello,
Thanks for your reply. I created a client certificate and key and on the
client machine added TLS_CACERT, TLS_CERT, and TLS_KEY options. I ensured
the key permissions are world readable and tried another ldapsearch. I am
getting the same error, cannot connect. On the server if I switch
TLSVerifyClient from demand to never it works fine. I'd like to have both
the client and server verify each other, or is there a better way of doing
this?
Thanks.
Dave.
----- Original Message -----
From: "Michael Ströder" <michael(a)stroeder.com>
To: <openldap-software(a)openldap.org>
Sent: Thursday, February 14, 2008 10:24 AM
Subject: Re: openldap and tls
Dave wrote:
> When you say client I'm assuming you're referring to the LDAP client,
Yes.
> configuration file /usr/local/etc/openldap/ldap.conf,
What the server slapd requires to come from the client is
configured in the server's configuration.
>Michael Ströder wrote:
>> See man 5 slapd.conf for learning about what option TLSVerifyClient
>> means.
You should take my advice more literally. I'm not inventing comments just
for fun. Please first check TLSVerifyClient in your slapd.conf.
Ciao, Michael.
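
A minimal mutual-TLS configuration of the kind discussed in this thread, as an added example that is not part of the original messages; every certificate and key path below is an assumed placeholder. Per ldap.conf(5), TLS_CERT and TLS_KEY are user-only options, so they are placed in the user's ldaprc file rather than in the system-wide ldap.conf.

```conf
# --- Server: slapd.conf (certificate paths are assumed placeholders) ---
# CA that signed the client certificates the server should accept
TLSCACertificateFile   /usr/local/etc/openldap/certs/ca.pem
# The server's own certificate and private key
TLSCertificateFile     /usr/local/etc/openldap/certs/server.pem
TLSCertificateKeyFile  /usr/local/etc/openldap/certs/server.key
# demand: the client must present a certificate that validates
# against TLSCACertificateFile, otherwise the TLS session is refused
TLSVerifyClient        demand

# --- Client, system-wide: /usr/local/etc/openldap/ldap.conf ---
# CA that signed the server certificate
TLS_CACERT   /usr/local/etc/openldap/certs/ca.pem
# demand: refuse to continue if the server certificate does not validate
TLS_REQCERT  demand

# --- Client, per user: $HOME/.ldaprc (user-only options) ---
# Absolute paths; /home/USER is an assumed placeholder
TLS_CERT  /home/USER/.ldap/client.pem
TLS_KEY   /home/USER/.ldap/client.key
```

The client private key only needs to be readable by the user who runs the LDAP client, so owner-only permissions (mode 0600) are sufficient.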