Howard Chu wrote:
Fran Fabrizio wrote:

Re-read the ldap.conf(5) manpage or the OpenLDAP Admin Guide. Your cacerts directory is not configured correctly for use with the TLS_CACERTDIR directive.

Thanks Howard, I will do so today. Do you have any specific recommendations? I'm using a stock Fedora Core 4 box, so they're the ones that set up the /etc/openldap/cacerts directory. When you enable LDAP authentication with TLS within Fedora, they simply say "remember to copy the cacert.pem file which signed your server cert to this client's /etc/openldap/cacerts directory."

PS: Anybody who actually tried to use things the way Fedora says would have run into the same problem you did. It's a well documented feature of the OpenSSL library, going back to the original release. To an innocent observer it would appear that they're just making stuff up and tossing it out there without actually testing it.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
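
The OpenSSL behaviour referred to in the PS above is that a CA directory is searched by subject-hash file name (`<hash>.0`), so a plain `cacert.pem` copied into it is never found. The script below is an added example, not part of the original messages: it lists certificates in such a directory that have no hash-named link or copy. The function names and the sample hash name are hypothetical, and `openssl x509 -hash` is only called if the openssl CLI is installed.

```shell
#!/bin/sh
# Added example: audit a directory used as TLS_CACERTDIR (an OpenSSL CA path).
# OpenSSL finds a CA there only under the name <8 hex digits>.<n>, the hash of
# the certificate's subject name, so a bare cacert.pem is never looked at.

# True when NAME has the hash-style form OpenSSL searches for, e.g. 0a1b2c3d.0
is_hash_name() {
    case $1 in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
            return 0 ;;
    esac
    return 1
}

# Print each PEM certificate in DIR that no hash-named link or copy points to.
unhashed_certs() {
    dir=$1
    for cert in "$dir"/*; do
        [ -f "$cert" ] || continue
        is_hash_name "${cert##*/}" && continue
        grep -q 'BEGIN CERTIFICATE' "$cert" || continue
        found=no
        for h in "$dir"/*; do
            is_hash_name "${h##*/}" || continue
            if cmp -s "$cert" "$h"; then found=yes; break; fi
        done
        if [ "$found" = no ]; then echo "${cert##*/}"; fi
    done
    return 0
}

# Print the link name OpenSSL expects for CERT (needs the openssl CLI).
# The .0 suffix assumes no other CA in the directory has the same hash.
expected_link_name() {
    echo "$(openssl x509 -hash -noout -in "$1").0"
}

# Usage: sh audit-cacertdir.sh /etc/openldap/cacerts
if [ "$#" -ge 1 ]; then
    unhashed_certs "$1" | while IFS= read -r name; do
        echo "not reachable by OpenSSL: $1/$name"
        if command -v openssl >/dev/null 2>&1; then
            echo "  fix: ln -s $name $1/$(expected_link_name "$1/$name")"
        fi
    done
fi
```

The check only confirms that some hash-style name resolves to each certificate; whether that name is the correct hash is what the `openssl x509 -hash` line reports.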
