Howard Chu wrote:
Fran Fabrizio wrote:

Re-read the ldap.conf(5) manpage or the OpenLDAP Admin Guide. Your cacerts directory is not configured correctly for use with the TLS_CACERTDIR directive.

Thanks Howard, I will do so today. Do you have any specific recommendations? I'm using a stock Fedora Core 4 box, so they're the ones that set up the /etc/openldap/cacerts directory. When you enable LDAP authentication with TLS within Fedora, they simply say "remember to copy the cacert.pem file which signed your server cert to this client's /etc/openldap/cacerts directory."

PS: Anybody who actually tried to use things the way Fedora says would have run into the same problem you did. It's a well documented feature of the OpenSSL library, going back to the original release. To an innocent observer it would appear that they're just making stuff up and tossing it out there without actually testing it.

  -- Howard Chu
  Chief Architect, Symas Corp.
  Director, Highland Sun
  OpenLDAP Core Team  

You are currently subscribed to as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the 
SUBJECT of the message.

Reply via email to