On Mon, Apr 20, 2015 at 08:07:48PM +0200, E.therepa wrote:
ldap.conf
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ldap/ssl/ca-cert.pem
TLS_CERT /etc/ldap/ssl/clients/lrc-ldapsearch.crt
TLS_KEY /etc/ldap/ssl/clients/lrc-ldapsearch.key
TLS_REQCERT hard
<snip>
As far as I can see and from the info I found, my client's and server's TLS settings are configured properly. What I really don't get is that the client doesn't send its certs to the server.
We made some progress on this in IRC: as noted in ldap.conf(5), the TLS_KEY option is only valid in a user ldaprc, not the system-wide ldap.conf, so it was being ignored.
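
A check for the misconfiguration diagnosed above, as an added example that is not part of the original message: it scans a system-wide ldap.conf for options that ldap.conf(5) marks user-only and that libldap therefore ignores there. The function names and the sample file are constructed for illustration; TLS_CERT is listed alongside TLS_KEY because the man page marks it user-only as well.

```shell
#!/bin/sh
# Added example: report user-only options that libldap ignores when they
# appear in the system-wide ldap.conf. TLS_CERT and TLS_KEY are both marked
# "user-only" in ldap.conf(5); extend the list from your own man page.
USER_ONLY_OPTS="TLS_CERT TLS_KEY"

# find_ignored_opts FILE
# Prints "LINENO:OPTION" for every user-only option set in FILE.
# Option names are matched case-insensitively, as ldap.conf(5) specifies.
find_ignored_opts() {
    awk -v opts="$USER_ONLY_OPTS" '
        BEGIN { n = split(opts, a, " "); for (i = 1; i <= n; i++) useronly[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }   # comments and blank lines
        { key = toupper($1); if (key in useronly) print NR ":" key }
    ' "$1"
}

# check_system_conf FILE
# Returns 0 if FILE is clean, 1 if it contains options that will be ignored.
check_system_conf() {
    hits=$(find_ignored_opts "$1")
    [ -z "$hits" ] && return 0
    for h in $hits; do
        echo "$1 line ${h%%:*}: ${h#*:} is user-only, move it to ~/.ldaprc" >&2
    done
    return 1
}

# Constructed sample: the settings quoted in this thread, as a system-wide file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ldap/ssl/ca-cert.pem
TLS_CERT /etc/ldap/ssl/clients/lrc-ldapsearch.crt
TLS_KEY /etc/ldap/ssl/clients/lrc-ldapsearch.key
TLS_REQCERT hard
EOF
check_system_conf "$sample" || echo "client certificate settings would be ignored"
rm -f "$sample"
```

When a line is flagged, the server sees no client certificate even though the CA and TLS_REQCERT settings in the same file take effect, which matches the symptom reported in this thread.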