[courier-users] courier-imap as ldap client not send certificate

Wed, 31 Aug 2005 20:26:58 -0700 


I test courier-imap with openldap as backend on Red Hat Enterprise V4.
- courier-authlib-0.55.20050407
- courier-imap-4.0.2.20050403
- openldap-servers-2.2.13
I try to make client(courier-imap) send certificate to openldap server for verify client. Loook like courier-imap use ldap client from openldap package to query ldap server. 
So the config file for client to read  is /etc/openldap/ldap.conf .
So, I put "TLS_KEY" and "TLS_CERT" in /etc/openldap/ldap.conf but its not work . 
From slapd debug , its said client not send certificate.

from man page  i have move  this tag in to $HOME/ldaprc
and run this command as root "ldapsearch -x -ZZ -v" , it work fine( i put TLS_KEY, TLS_CERT into /root/ldaprc ) 

But  when i test  "telnet localhost 110" try to authenticate user in ldap
slapd debug said again  client not send certificate.
when "ps faux", i saw courier-imap process run ass root but it not read /root/ldaprc 
Look like  the courier-imap only read config in /etc/openldap/ldap.conf ?
Have anyway for courier-imap look into /root/ldaprc instead of /etc/openldap/ldap.conf ? Becasue TLS_KEY,TLS_CERT have effect only in "$HOME/ldaprc" or "$HOME/.ldaprc" 
not /etc/openldap/ldap.conf

### my config
### /etc/openldap/slapd.conf
TLSCACertificateFile /etc/openldap/certs/demoCA/cacert.pem
TLSCertificateFile /etc/openldap/certs/slap.crt
TLSCertificateKeyFile /etc/openldap/certs/slap.key
TLSVerifyClient demand

### /root/ldaprc
HOST rhel4.example.com
BASE o=redhat
TLS_REQCERT demand
TLS_KEY /etc/openldap/certs/slap.key
TLS_CERT /etc/openldap/certs/slap.crt
TLS_CACERT /etc/openldap/certs/demoCA/cacert.pem


ldapsearch, ldapadd or other utility work fine with -ZZ
but courier-imap can authenticate only if i remove "TLSVerifyClient demand" from slapd.conf 

Regards,
Nattapon Viroon

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ 



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to