On Sat, 13 May 2006 22:53:21 -0300 "Francisco Saito" <[EMAIL PROTECTED]> wrote:
> Add a clausule: > tls=critical after bindmethod=simple credentials=secret It now works fine, I had generated certificates with the SSL-client flag set, not the SSL-server flag. For future googlers: To check certs you can use the following command: $ openssl x509 -in ldapslave.example.com-cert.pem -purpose -noout Certificate purposes: SSL client : No SSL client CA : No SSL server : Yes SSL server CA : No Netscape SSL server : Yes Netscape SSL server CA : No S/MIME signing : No S/MIME signing CA : No S/MIME encryption : No S/MIME encryption CA : No CRL signing : Yes CRL signing CA : No Any Purpose : Yes Any Purpose CA : Yes OCSP helper : Yes OCSP helper CA : No R. -- ___________________________________________________________________ It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | | http://www.lucassen.org/mail-pubkey.html | +------------------------------------------------------------------+
