Dieter Kluenter schrieb:
Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de> writes:
> Sorry, please forget everything I wrote in my last mail....stop! Not
> everithing! Delte the "partial"!
> IT WORKS! I can login at both, "real" client pc and as client on server
> machine! Everithing is set to demand and the test (ldapsearch and login)
> works. So only the one point is left: the LDAP- Workshop (Stefan Kania's
> one) uses the "TLSCipherSuite HIGH:MEDIUM:+SSLv2" option. If I activate
> this in slapd.conf, ldap can not be started. Why? I do not know, because
> I get no output.
In order to find out run
openssl ciphers SSLv2
openssl ciphers HIGH
openssl ciphers MEDIUM
I get the following output:
lmvserver:~ #openssl ciphers SSLv2
lmvserver:~ # openssl ciphers MEDIUM
lmvserver:~ # openssl ciphers HIGH
So I think, this should work?! SSLv3 is also available. Is it better to
use "TLSCipherSuite HIGH:MEDIUM:+SSLv3"?
Oh, I had not posted the solution of my major problem: I mixed ip's and
host names (in /etc/ldap.conf I used ip's and in certificates host
names). Due to the comment in /etc/ldap.conf "the LDAP- Server must be
resolveable without ldap" I thought that it is better to use the ip of
our server. Also, I used as common name instead of servers host name the
client name (in every client cert the according client host name). So
this could not work......I was a little bit confused of configuring
multiple ldap.conf- file, but thanks to Dieter the server is up and running.
Mit freundlichen Grüßen