Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de> writes:
Hello,
I have configured an openSUSE 11.0 (x86_64) with openldap-server. Also
the TLS is activated. All clients are set to "TLS_REQCERT demand"
and it is working.
Then I created client certificates by using the server's YaST2 CA
management. I copied the client certificates and also the server's
"cacert" into the "/etc/openldap/" directory on the client computer.
With "TLSVerifyClient allow" clients can log in, but if I activate the
"TLSVerifyClient demand" option in the server's slapd.conf no user can
perform a login and it causes errors in /var/log/messages:
[...]
What is wrong? The client's certificate "common name" is set to the
client's hostname. Is this ok?
Clients don't read slapd.conf(5), only ldap.conf(5); run slapd with
debug level 3 to analyse the TLS session.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
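Since "TLSVerifyClient demand" only succeeds when the client actually presents a certificate, and the client learns about its certificate from ldap.conf(5) or ~/.ldaprc rather than from slapd.conf, here is an added example of both sides of that configuration. It is not taken from the thread or from the openSUSE/YaST setup described in it: the PEM file names under /etc/openldap/, the hostname ldap.example.org and the base DN are assumptions and must be replaced with whatever YaST actually wrote out.

```conf
# --- /etc/openldap/slapd.conf on the server (added example; paths assumed) ---
# The CA that issued the server *and* the client certificates. slapd
# verifies any presented client certificate against this file.
TLSCACertificateFile    /etc/openldap/cacert.pem
TLSCertificateFile      /etc/openldap/server-cert.pem
TLSCertificateKeyFile   /etc/openldap/server-key.pem
# never  - do not request a client certificate
# allow  - request one; proceed even if none or a bad one is presented
# try    - request one; proceed if none, terminate the session if bad
# demand - request one; terminate the session if none or bad
TLSVerifyClient         demand

# --- /etc/openldap/ldap.conf on each client (system-wide, all users) ---
URI         ldap://ldap.example.org
BASE        dc=example,dc=org
TLS_CACERT  /etc/openldap/cacert.pem
TLS_REQCERT demand

# --- ~/.ldaprc of the user running the client (or the LDAPRC file) ---
# TLS_CERT and TLS_KEY are "user-only" options in ldap.conf(5): they are
# ignored in the system-wide ldap.conf and honoured only in ldaprc files,
# so the client certificate has to be configured here (assumed paths).
TLS_CERT    /etc/openldap/client-cert.pem
TLS_KEY     /etc/openldap/client-key.pem
```

To check it, run slapd in the foreground with -d 3 as suggested above and, on the client as the same user, something like `ldapwhoami -ZZ -x -H ldap://ldap.example.org -d 1`; the client-side debug output shows whether a certificate and key were loaded before the handshake. With "demand", slapd verifies only that the presented certificate chains to a CA in TLSCACertificateFile; the subject CN (hostname or otherwise) is not compared to anything unless it is mapped to a DN with authz-regexp for SASL EXTERNAL. If the failing logins go through pam_ldap/nss_ldap rather than the OpenLDAP command-line tools, note that those libraries read their own /etc/ldap.conf with lower-case tls_cacertfile, tls_cert and tls_key options, which must point at the same files.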