I use iDAR 2.1 on Solaris 2.6. I use SSL/TLS between clients and iDAR but "pure" LDAP between iDAR and its LDAP server(s).

I don't want client authentication and therefore don't want iDAR to send a "CertificateRequest" at all.

As I have seen, iDAR handles client authentication correctly by setting the attribute . So far so good.

But I cannot prevent iDAR from sending a "CertificateRequest" at all. Setting the attribute "ids-proxy-con-ssl-cert-required" to false does not help. This is correct behaviour but ...

This leads to the following problem: (Some) SSL clients (PureTLS, jsse1.0.2) do not handle a "CertificateRequest" correctly if they have no appropriate client certificate available. Instead of "sending a certificate message containing no certificate" to the server, they just cancel the connection (and send a fatal alert to the server (handshake failure!)).

Is there no way *not* to send a "CertificateRequest" at all? This would make my clients happy. As I said, I use SSL/TLS on the client but not on the server side.

Regards,
Werner

--
Werner Christen
Email [EMAIL PROTECTED]
]:-o
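The handshake detail in question, as an added example that is not part of the original message: a Python sketch that walks the plaintext server flight of a TLS 1.0 handshake to check whether a "CertificateRequest" (handshake type 13) is present, and builds the empty Certificate message a TLS 1.0 client is expected to return when it has no certificate. The sample flights are constructed here with filler bodies, and all function names are hypothetical.

```python
import struct

HANDSHAKE, CERTIFICATE, CERTIFICATE_REQUEST = 22, 11, 13

def handshake_messages(stream: bytes):
    """Return [(msg_type, body)] from a stream of plaintext TLS records."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            raise ValueError("truncated record")
        if ctype == HANDSHAKE:      # messages may be coalesced or split,
            buf += fragment         # so reassemble before parsing
        pos += 5 + length
    msgs, pos = [], 0
    while pos + 4 <= len(buf):
        mlen = int.from_bytes(buf[pos + 1:pos + 4], "big")
        body = buf[pos + 4:pos + 4 + mlen]
        if len(body) < mlen:
            raise ValueError("truncated handshake message")
        msgs.append((buf[pos], body))
        pos += 4 + mlen
    return msgs

def requests_client_cert(stream: bytes) -> bool:
    return any(t == CERTIFICATE_REQUEST for t, _ in handshake_messages(stream))

def empty_certificate_record(version=(3, 1)) -> bytes:
    """TLS 1.0 client reply when it has no certificate: empty certificate_list."""
    body = (0).to_bytes(3, "big")
    msg = bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, *version]) + len(msg).to_bytes(2, "big") + msg

def _record(*msgs):
    """Build one constructed TLS 1.0 handshake record (sample data only)."""
    data = b"".join(bytes([t]) + len(b).to_bytes(3, "big") + b for t, b in msgs)
    return bytes([HANDSHAKE, 3, 1]) + len(data).to_bytes(2, "big") + data

# Constructed server flights; ServerHello/Certificate bodies are filler bytes.
WITH_REQUEST = (_record((2, b"\x00" * 38), (11, b"\x00\x00\x00"))
                + _record((13, b"\x01\x01\x00\x00"), (14, b"")))
WITHOUT_REQUEST = _record((2, b"\x00" * 38), (11, b"\x00\x00\x00"), (14, b""))

if __name__ == "__main__":
    for name, flight in (("with", WITH_REQUEST), ("without", WITHOUT_REQUEST)):
        print(name, [t for t, _ in handshake_messages(flight)],
              requests_client_cert(flight))
    print(empty_certificate_record().hex())
```

Run against a captured server flight, this shows whether a configuration change actually removed the request from the handshake.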
