Fran Fabrizio wrote:

Re-read the ldap.conf(5) manpage or the OpenLDAP Admin Guide. Your cacerts directory is not configured correctly for use with the TLS_CACERTDIR directive.

Thanks Howard, I will do so today. Do you have any specific recommendations? I'm using a stock Fedora Core 4 box, so they're the ones that set up the /etc/openldap/cacerts directory. When you enable LDAP authentication with TLS within Fedora, they simply say "remember to copy the cacert.pem file which signed your server cert to this client's /etc/openldap/cacerts directory."

There are a tiny few good 3rd party documents on using OpenLDAP, but in general, you're better off going to official documentation from the OpenLDAP Project (e.g. the Admin Guide) first. The majority of people out there writing their HOWTOs and relating how they set things up have no idea what they're talking about. The abysmal state of OpenLDAP on Red Hat/Fedora releases tells me that they're by no means paragons of OpenLDAP expertise.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
