Fran Fabrizio wrote:

Re-read the ldap.conf(5) manpage or the OpenLDAP Admin Guide. Your cacerts directory is not configured correctly for use with the TLS_CACERTDIR directive.

Thanks Howard, I will do so today. Do you have any specific recommendations? I'm using a stock Fedora Core 4 box, so they're the ones that set up the /etc/openldap/cacerts directory. When you enable LDAP authentication with TLS within Fedora, they simply say "remember to copy the cacert.pem file which signed your server cert to this client's /etc/openldap/cacerts directory."

There are a tiny few good 3rd party documents on using OpenLDAP, but in general, you're better off going to official documentation from the OpenLDAP Project (e.g. the Admin Guide) first. The majority of people out there writing their HOWTOs and relating how they set things up have no idea what they're talking about. The abysmal state of OpenLDAP on Red Hat/Fedora releases tells me that they're by no means paragons of OpenLDAP expertise.

  -- Howard Chu
  Chief Architect, Symas Corp.
  Director, Highland Sun
  OpenLDAP Core Team  

You are currently subscribed to as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the 
SUBJECT of the message.

Reply via email to