Re: TLSVerifyClient => no login possible

Dieter Kluenter schrieb: > Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de&gt; writes: > > >> Hello, >> >> I have configured an openSUSE 11.0 (x86_64) with openldap- server. Also >> the TLS is activated. All clients are set to "TLS_REQCERT demand" >> and is working. >> Then I created client certificates by using the servers Yast2 CA- >> management. I copied teh client certificates and also the servers >> "cacert" into the "/etc/openldap/" directory on client computer. With >> "TLSVerifyClient allow" clients can login, but if I activate the >> "TLSVerifyClient demand" option in servers slapd.conf no user can >> perform an login and it causes errors in /var/log/messages: >> > [...] > > >> What is wrong? The clients certificate "common name" is set to the >> clients hostname. Is this ok? >> > > Clients don't read slapd.conf(5) but only ldap.conf(5), run slapd with > debug level 3 to analyse the tls session. > > -Dieter > > Hello Dieter, Now I have set the loglevel to "3" and I get the following output if I try to login (still fails):

-------------------/var/log/messages---------------------------------------------------------------------

Feb 25 16:41:49 lmvserver kdm: :0[11544]: nss_ldap: could not search LDAP server - Server is unavailable

-------------------/var/log/messages---------------------------------------------------------------------