man, 22.03.2004 kl. 15.58 skrev Vincent Jaussaud: > > Evo's LDAP client doesn't need a cert and doesn't complain about > > self-signed certs - not 1.4.x, anyway. > > I agree, so I think the problem comes from openLDAP. > > My slapd.conf is configured that way btw: > TLSCertificateFile /usr/share/ssl/certs/server.pem > TLSCertificateKeyFile /usr/share/ssl/certs/server.key > TLSVerifyClient never > TLSCACertificateFile /usr/share/ssl/certs/mycompanyCA.pem > TLSCACertificatePath /usr/share/ssl/certs/
TLSCACertificatePath should not be given without prior, vry good doc reading. > And it definitely works with Mozilla / Outlook, so there has to be > something to do with evo. As I wrote, my Evo is 1.4.5, Openldap is 2.2.6. But it's also worked with earlier versions of both, though earlier Evo than 1.4.5 (last was 1.2.x) was *horrible* and gave all sorts of problems. > Both Mozilla/Outlook knows about our company CA (eg, it is included in > their Trusting CA databases), while Evo do not. O.k. > But then, I don't understand what the "TLSVerifyClient never" option is > used for.. It isn't, unless you're using Openldap's SASL external. Just forget it :) --Tonni -- mail: billy - at - billy.demon.nl http://www.billy.demon.nl _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
