----- Original Message Follows -----
From: Francis Swasey <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: [ldap] Re: newbie question about LDAP TLS
Date: Mon, 05 Mar 2007 06:39:07 -0500

> On 3/5/07 6:22 AM, [EMAIL PROTECTED] wrote:
>
> > in the ldap configuration file there are two options
> >
> > #tls_cacertfile /etc/ssl/ca.cert
> > #tls_cacertdir /etc/ssl/certs
>
> Since you have your pem file you should use tls_cacertfile
> and ignore tls_cacertdir.
>
> The tls_cacertdir directive is if you have set up a
> directory that has the OpenSSL hashes linked to the certs
> (ie, the SuSE way and not the RedHat way).

Thanks a lot for your explanation.

Here are my TLS settings in /etc/ldap.conf:

ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/joydeep/newcert.pem

and I have restarted the ldap. AND NOW when I try to connect it gives a protocol error like:

====================================================
Mar 5 17:22:05 linux slapd[682]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:48992 (IP=0.0.0.0:389)
Mar 5 17:22:05 linux slapd[682]: conn=1 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Mar 5 17:22:05 linux slapd[682]: do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
Mar 5 17:22:05 linux slapd[682]: conn=1 op=0 RESULT tag=120 err=2 text=unsupported extended operation
Mar 5 17:22:05 linux saslauthd[5727]: pam_ldap: ldap_starttls_s: Protocol error
====================================================

What may be the mistake I have done here?

with best regards.

> --
> Frank Swasey             | http://www.uvm.edu/~fcs
> Sr Systems Administrator | Always remember: You are UNIQUE,
> University of Vermont    | just like everyone else.
> "I am not young enough to know everything." - Oscar Wilde (1854-1900)
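
Added example (not part of the original message and not from either list participant): a small Python parser that pairs each slapd EXT request with its RESULT line and reports the extended operations the server rejected. It runs over the slapd lines quoted above plus two constructed lines for a successful request; OID 1.3.6.1.4.1.1466.20037 is the LDAP StartTLS extended operation and err=2 is protocolError, and all function and variable names are this example's own.

```python
import re

# Extended-operation OIDs (StartTLS: RFC 4511, Password Modify: RFC 3062).
EXOP_NAMES = {
    "1.3.6.1.4.1.1466.20037": "StartTLS",
    "1.3.6.1.4.1.4203.1.11.1": "Password Modify",
}
# A few LDAP result codes from RFC 4511, Appendix A.
RESULT_CODES = {0: "success", 2: "protocolError", 52: "unavailable"}

EXT_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) EXT oid=([\d.]+)")
RES_RE = re.compile(
    r"slapd\[\d+\]: conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+) text=(.*)")

# First four lines are the slapd lines from the message above;
# the last two (conn=2) are constructed to show a request that succeeds.
SAMPLE = """\
Mar 5 17:22:05 linux slapd[682]: conn=1 fd=13 ACCEPT from IP=127.0.0.1:48992 (IP=0.0.0.0:389)
Mar 5 17:22:05 linux slapd[682]: conn=1 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Mar 5 17:22:05 linux slapd[682]: do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
Mar 5 17:22:05 linux slapd[682]: conn=1 op=0 RESULT tag=120 err=2 text=unsupported extended operation
Mar 5 17:22:06 linux slapd[682]: conn=2 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Mar 5 17:22:06 linux slapd[682]: conn=2 op=0 RESULT tag=120 err=0 text=
""".splitlines()

def failed_exops(lines):
    """Return one dict per extended operation whose RESULT was not success."""
    pending = {}   # (conn, op) -> OID of an EXT request awaiting its RESULT
    findings = []
    for line in lines:
        m = EXT_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RES_RE.search(line)
        if not m:
            continue
        oid = pending.pop((m.group(1), m.group(2)), None)
        err = int(m.group(3))
        if oid is not None and err != 0:
            findings.append({
                "conn": m.group(1),
                "exop": EXOP_NAMES.get(oid, oid),
                "result": RESULT_CODES.get(err, "err=%d" % err),
                "text": m.group(4).strip(),
            })
    return findings

if __name__ == "__main__":
    for f in failed_exops(SAMPLE):
        print("conn={conn}: {exop} rejected by server: {result} ({text})".format(**f))
```

On the log above this reports that slapd itself rejected the StartTLS request, so the connection fails before the client's tls_cacertfile is ever used to verify a certificate.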
