Hello John,
On Wednesday, 08.10.2008, 08:08 +0200, John Gee wrote:
Thanks for your reply Dieter.
On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
John Gee <john@kleinfeld.ch> writes:
-( solaris 10 - client )----
[...]
# list cert-db
certutil -L -d /var/ldap
ca-cert                CT,,
ldap02.kleinfeld.ch    C,,
ldap01.kleinfeld.ch    C,,
The server presents the server certificate (ldap01.kleinfeld.ch), the ldap client presents the CA but the server expects a client certificate. Change slapd.conf not to verify a client certificate.
I just had to switch to my Solaris box in order to test ldapclient. I'm referring to your initial mail now. With certutil you created a certificate database which includes the server certificates; these are presented to the ldap server as client certificates. Remove these server certificates from the repository and just leave the ca-cert in order to verify the server certificate. This setup I just tested successfully on my Solaris box.
-Dieter