> I have seen the later comments in the thread, but I think the problem is
> that you need to choose whether to use TLS or SSL. If you use TLS, you
> should connect to port 389 and issue start-tls. If you use SSL you
> connect to 636 and don't do start-tls. Doing both, i.e. connect to 636 and
> issue start-tls, is probably a bad thing.
>
> Another thing you could try is to ark up an openldap server on a linux
> box. You can run the server with debugging switched on and see the
> entire certificate negotiation from the server's point of view.
>
> Regards,
> Frankl Ranner
The problem is now fixed. First, I activated the complete debug of the ldap module with "ldap_debug = 0xFFFF". (Thanks Novell!) In this debug output I saw that the cn in the certificate differs from the name of the server. So I fixed this in my configuration, and everything works fine now.

How can I/we improve the documentation of the ldap module? For example: it should be mentioned that you need the config "ldap_debug = 0xFFFF" for the complete ldap debug... and a few other things, like the undocumented config option "port"... it should be added to the config file. What do the others think?

Thanks for all the support! Great job!

Sebastian
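Two things went wrong in this thread: a port/StartTLS combination that contradicts itself, and a certificate whose CN did not match the hostname the client connected to. The script below is an added example (not from the thread or from FreeRADIUS) that checks both before you touch the module configuration: `choose_mode` rejects the "port 636 plus StartTLS" pairing Frankl describes, and `hostname_matches` applies the usual SAN-then-CN name check to a certificate in the dict shape that Python's `ssl` module returns from `getpeercert()`. The hostnames and certificate contents are constructed placeholders; `check_server` performs a live TLS handshake and is only needed against a real LDAPS port.

```python
"""Pre-flight checks for an LDAP-over-TLS setup: port/StartTLS consistency and
hostname-vs-certificate matching.  Added example; host names are constructed."""
import socket
import ssl

LDAP_PORT = 389    # plain LDAP, upgraded in-band with the StartTLS extended operation
LDAPS_PORT = 636   # TLS from the first byte; StartTLS must NOT be issued here


def choose_mode(port, start_tls):
    """Classify a (port, start_tls) pair; raise on the self-contradicting one."""
    if port == LDAPS_PORT and start_tls:
        raise ValueError("port 636 already speaks TLS; do not also issue StartTLS")
    if port == LDAPS_PORT:
        return "ldaps"
    return "starttls" if start_tls else "plaintext"   # plaintext: credentials in clear


def _label_matches(pattern, hostname):
    """Exact match, or a single '*' standing for the whole left-most label only."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def cert_names(cert):
    """Names a client may match: all DNS SANs if present, otherwise the subject CN."""
    sans = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for (key, value) in rdn if key == "commonName"]


def hostname_matches(cert, hostname):
    """True if the name the client dialled is one the certificate was issued for."""
    return any(_label_matches(name, hostname) for name in cert_names(cert))


def check_server(hostname, port=LDAPS_PORT, cafile=None, timeout=5.0):
    """Live check against an LDAPS port: returns (matches, names_in_cert).
    Verification stays on (so getpeercert() is populated) but the hostname check
    is done by us so a mismatch is reported instead of raised; pass cafile for
    a private CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False          # we report the mismatch ourselves below
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return hostname_matches(cert, hostname), cert_names(cert)


# Constructed certificate, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap01.corp.example"),),),
    "subjectAltName": (("DNS", "ldap01.corp.example"), ("DNS", "*.corp.example")),
}

# Constructed certificate with no SAN: only the CN counts, and it is the short
# host name, so dialling the FQDN fails exactly as described in the thread.
CN_ONLY_CERT = {"subject": ((("commonName", "ldap01"),),)}


if __name__ == "__main__":
    print(choose_mode(636, False), choose_mode(389, True))
    for host in ("ldap01.corp.example", "ldap.corp.example", "ldap.example.com"):
        print(host, hostname_matches(SAMPLE_CERT, host))
    print("ldap01.corp.example vs CN-only cert:",
          hostname_matches(CN_ONLY_CERT, "ldap01.corp.example"))
```

Run it without arguments to exercise the constructed certificates; to reproduce the poster's diagnosis against a real directory, call `check_server("ldap01.corp.example", 636, cafile="/path/to/ca.pem")` and compare the returned name list with the hostname in the module's `server` setting.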

