Asimananda Mohanty asimananda.mohanty@gmail.com writes:
Hi Dieter,
I already have the certificates and here is my ldap.conf :
TLS_REQCERT demand TLS_CACERT /etc/ssl/certs/ca-cert.pem
With these settings, it's working fine. As I already mentioned, ldapsearch command runs fine with "ldaps" url and also with "ldap" url WITH "-ZZ" option.
I think that indicates that TLS is enabled on the server.
Is there any difference in behavior when slapd used libgnutls and when it uses libssl ? Or they both serve the same purpose (this was my idea till now)?
Does apache expect slapd to use libssl and not libgnutls ?
Apache doesn't know anything about slapd, all it does is, to connect to a defined port and tries to verify the certificate presented and establish a secured ldap session. If apache fails to verify the certificate or is otherwise not able to establish a secured ldap session it will not connect, unless the configuration allows to establish an unsecured session.
-Dieter