Thanks for your reply Dieter.
On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
> John Gee <john(a)kleinfeld.ch> writes:
> > -( solaris 10 - client )----
> >
> [...]
> > # list cert-db
> > certutil -L -d /var/ldap
> > ca-cert CT,,
> > ldap02.kleinfeld.ch C,,
> > ldap01.kleinfeld.ch C,,
>
> The server presents the server certificate (ldap01.kleinfeld.ch),
> the LDAP client presents the CA but the server expects a client
> certificate. Change slapd.conf not to verify a client certificate.

Well, I already have a "TLSVerifyClient never" entry in slapd.conf.
I think there must be an option on the client side (Solaris 10 native
client). When using the OpenLDAP client with the following options in
ldap.conf it works (but not with the native client):
TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_REQCERT never
- John