Re: TLSVerifyClient => no login possible

Dieter Kluenter schrieb: > Hello Sebastian, > > Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de&gt; writes: > > >> Dieter Kluenter schrieb: >> >>> Hello Sebastian, >>> >>> Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de&gt; writes: >>> >>> >>> >>>> Dieter Kluenter schrieb: >>>> >>>> >>>>> Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de&gt; writes:

As I tried to perform "ldapsearch" with TLS enabled I got some output about "version trouble" of openldap server and client libraries. But now I solved this problem and I have configured "pam_ldap" again. The login with "TLSVerifyClient demand" (enabled in slapd.conf) works, but not with "tls_checkpeer yes" in "/etc/ldap.conf". If "tls_checkpeer" is "yes", the login is not possible (output: "Permissions on the password database may be too restrictive"). The "strace -o /tmp/ldapsearch.txt ldapsearch -d 1 -x -ZZ -h 192.168.0.201 "(uid=*)" " is creating command line output:

For strace output take a look at the attached file, please. I think that server and client do not comunicate via TLS, or do they? And why can I login, but not search (with "tls_checkpeer no")?