--On Tuesday, March 13, 2012 11:03 AM -0700 Peter Wood peterwood.sd@gmail.com wrote:
On Mon, Mar 12, 2012 at 9:41 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Monday, March 12, 2012 6:52 PM -0700 Peter Wood peterwood.sd@gmail.com wrote:
Hi,
I set up openldap-2.4.23 server
Why? I'd suggest you start with the current release, 2.4.30. You may also want to look at http://www.openldap.org/its/index.cgi/?findid=7197
That's the openldap version in the CentOS 6.2 repo. In production I try to stick with stock versions.
Also I tried all variations of olcTLSVerifyClient: [demand|hard|true] with the same result.
I don't think StartTLS is enabled. I'm wondering if just setting olcTLSCACertificateFile, olcTLSCertificateFile and olcTLSCertificateKeyFile is enough to get StartTLS enabled.
It's very frustrating. I'd hate to go to ldaps just because I can't get StartTLS working.
Is there anything else I have to set on the server to get StartTLS working?
How are you testing to see if it is or is not working? Just run ldapsearch -x -ZZ -H ldap://<hostname>
to force startTLS
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration