Hi Fabio On Sun, Aug 05, 2007 at 10:45:07AM +0200, Fabio Tranchitella wrote: > Hi Ola, > > * 2007-08-04 22:33, Ola Lundqvist wrote: > > Thanks for the explanation as well, but it do not work still. > > Either I need a way to disable certificate checking, or someone need > > to explain to me exactly why the certificate check fails. > > How does this relate to the original bug in phpldapadmin? As far as I can > see, this is a problem on your local slapd configuration.
Well I have been able to use ssl/tls in this setup in all other software that use ldap. That is horde3(+more of its web apps), pam, nss and exim. I can also access it from outside with ldapbrowser (java app). But if phpldapadmin require certificate check, than it is a local configuration issue. Isn't it possible to disable that check? If you can point me to a documentation, manual page or similar that explains how to set it all up (that works), then I'm perfectly satisfied. It would be good if the package point to that documentation in that case. :) > Anyway, do you specify the certification authority's certificate (ca.pem, > the one from the demoCA if you used CA.pl) in /etc/ldap/ldap.conf? I specify the following: TLSCertificateFile /etc/ssl/certs/ldap.opalsys.net-cert.pem TLSCertificateKeyFile /etc/ldap/ldap.opalsys.net-key-nopass.pem TLSCACertificateFile /etc/ssl/certs/cacert.pem TLSVerifyClient never TLSCRLCheck none The certificate is signed by the cacert. The CA certificate is a self signed CA cert. Best regards, // Ola > Cheers, > > -- > Fabio Tranchitella http://www.kobold.it > Free Software Developer and Consultant http://www.tranchitella.it > _____________________________________________________________________ > 1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564 -- --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ---- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | http://opalsys.net/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]