> From: Philip Guenther <[email protected]>

> On Sat, Sep 22, 2012 at 3:33 PM, Mik J <[email protected]> wrote:
>>>  From: Philip Guenther <[email protected]>
>>>  Since you have a working set up outside of the chroot, I would think
>>>  the easiest thing would be to copy that set up into the chroot, with
>>>  /etc/openldap/ldap.conf and /etc/openldap/ssl/CA.crt inside the chroot.
>> 
>>  Hello Philip, I've tried that but no success.
> 
> Same errors or different?  What were the results when you tried using
> the CLI ldapsearch tool from inside the chroot, via
>      chroot -u www /var/chroot
> ?
> 
> 
>>  I'm wondering if there could be something done in httpd.conf
> 
> What's your hypothesis about why it's not finding the CA.crt that you
> put in the chroot?  How are you going to test it?

Hello Philip,
It is quite difficult to make it work inside the chroot because the tty
doesn't really work there.
However, after numerous tests I think I've found the correct settings:

# cat /var/www/etc/openldap/ldap.conf
URI              ldaps://myserver.mydomain.org
TLS_CACERT       /etc/openldap/ssl/CA.crt
TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3

# ls /var/www/etc/openldap/ssl/CA.crt
CA.crt

Thank you for your help and suggestions.

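A chrooted process resolves the TLS_CACERT path from the chroot root, so /etc/openldap/ssl/CA.crt in the file above refers to /var/www/etc/openldap/ssl/CA.crt on the host. The script below is an added example, not part of the original message: it checks that mapping from outside the chroot, so no working tty inside it is needed. The function names and return codes are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): check, from the host, that
# the CA file named by TLS_CACERT in a chroot's ldap.conf exists where the
# chrooted process will look for it. Function names and return codes are
# this example's own.

# Print the value of a keyword in an ldap.conf file (if repeated, the last
# occurrence is printed). Keywords are matched case-insensitively and lines
# starting with '#' are skipped as comments.
ldapconf_get() {    # $1 = file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# 0 = ok, 1 = no ldap.conf, 2 = no TLS_CACERT, 3 = path not absolute,
# 4 = CA file missing inside the chroot, 5 = symlink, 6 = not PEM.
check_chroot_cacert() {    # $1 = chroot directory, e.g. /var/www
    root=${1%/}
    conf="$root/etc/openldap/ldap.conf"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    ca=$(ldapconf_get "$conf" TLS_CACERT)
    [ -n "$ca" ] || { echo "no TLS_CACERT in $conf" >&2; return 2; }
    case $ca in
        /*) ;;
        *) echo "TLS_CACERT is not absolute: $ca" >&2; return 3 ;;
    esac
    # Inside the chroot "/" is $root, so this is the file on the host.
    host_path="$root$ca"
    [ -r "$host_path" ] || { echo "missing in chroot: $host_path" >&2; return 4; }
    # A symlink may resolve on the host but dangle inside the chroot.
    [ ! -L "$host_path" ] || { echo "symlink: $host_path" >&2; return 5; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$host_path" ||
        { echo "not a PEM certificate: $host_path" >&2; return 6; }
    echo "$ca -> $host_path"
}

# Usage: sh check.sh /var/www
if [ "$#" -gt 0 ]; then check_chroot_cacert "$1"; fi
```

Return code 4 also covers the case where the chroot prefix was written into ldap.conf itself, since that path is then looked up a second level down inside the chroot.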