Hello John,
On Wednesday, 08.10.2008, 08:08 +0200, John Gee wrote:
Thanks for your reply Dieter.
On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
> John Gee <john(a)kleinfeld.ch> writes:
>
> > -( solaris 10 - client )----
> >
[...]
> > # list cert-db
> > certutil -L -d /var/ldap
> > ca-cert CT,,
> > ldap02.kleinfeld.ch C,,
> > ldap01.kleinfeld.ch C,,
>
> The server presents the server certificate (ldap01.kleinfeld.ch),
> the ldap client presents the CA but the server expects a client
> certificate. Change slapd.conf not to verify a client certificate.
I just had to switch to my Solaris box in order to test ldapclient. I'm
referring to your initial mail now.
With certutil you created a certificate database which includes the server
certificates, these are presented to the ldap server as client
certificates. Remove these server certificates from the repository and
just leave the ca-cert in order to verify the server certificate. This
setup I just tested successfully on my Solaris box.
-Dieter
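
An added example, not part of the original emails: a dry-run helper for the cleanup described in the reply above. It reads `certutil -L` output and prints the `certutil -D` commands that would remove every entry except the CA certificate; the function names and the choice of `ca-cert` as the nickname to keep are assumptions based on the listing quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Dry run only: it prints
# the certutil -D commands, it does not modify the certificate database.

# plan_cert_cleanup DB_DIR KEEP_NICKNAME
# Reads a `certutil -L -d DB_DIR` listing on stdin.
plan_cert_cleanup() {
    db_dir=$1
    keep=$2
    awk -v dir="$db_dir" -v keep="$keep" '
        # An entry line ends in trust flags: SSL,S/MIME,code-signing,
        # each a (possibly empty) run of letters. Header lines do not match.
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # drop the trust-flag column
            sub(/^[ \t]+/, "", nick)               # drop leading indentation
            if (nick != keep)
                printf "certutil -D -d %s -n \"%s\"\n", dir, nick
        }'
}

# Constructed sample input: the listing quoted in the thread.
sample_listing() {
    cat <<'EOF'
ca-cert                        CT,,
ldap02.kleinfeld.ch            C,,
ldap01.kleinfeld.ch            C,,
EOF
}

# Show what would be removed from /var/ldap, keeping only the CA.
sample_listing | plan_cert_cleanup /var/ldap ca-cert
```

On a real client, pipe `certutil -L -d /var/ldap` into `plan_cert_cleanup /var/ldap ca-cert`, review the printed commands, then run them and list the database again to confirm only the CA entry remains.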