At 12:37 PM 9/22/2006, Howard Chu wrote:
>Dan O'Reilly wrote:
>>At 01:48 PM 9/21/2006, Kurt D. Zeilenga wrote:
>>>At 12:00 PM 9/21/2006, Dan O'Reilly wrote:
>>>>I'm trying to get an OpenLDAP client to use TLS to talk to a
>>>>(non-OpenLDAP) LDAP server. This LDAP server is properly configured
>>>>for TLS (as verified by other (non-OpenLDAP) LDAP clients).
>>>
>>>Verify the server is configured properly for LDAP over TLS (ldaps://)
>>>using the OpenSSL s_client program (with certificate verification
>>>enabled).
>>
>>Well, I guess the specific question I would have here is "what
>>certificates/keys/etc are even required for this?". When setting up the
>>LDAP server I was told by the people who supply it that I would need only
>>a trusted root certificate from the LDAP server to do authentication, but
>>I was also told by another person at that company that I would need more
>>than just that one certificate. What specifically would LDAP need? I
>>suspect my problem isn't really so much one of a misconfigured server so
>>much as not having all the necessary certs and/or keys available, that
>>sort of thing.
>
>See the Admin Guide, it's all spelled out there.
>http://www.openldap.org/doc/admin23/tls.html

That indicates that client certificates are optional, only required to
validate using SASL (which I'm not trying to do), so I don't think I need
one (is that correct?). Additionally, am I correct in my interpretation
that I need both a trusted root certificate from the CA plus a server
certificate?
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+
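The s_client check Kurt suggests above, written out as an added example that is not part of this thread and not OpenLDAP's own tooling: it connects to the ldaps:// port with chain verification enabled against a CA file and reads back OpenSSL's own verdict rather than just "a handshake happened". The hostname, port and CA file path are placeholders for illustration; the helper functions that parse the transcript are my own and are fed a constructed s_client transcript when run without arguments.

```shell
#!/bin/sh
# Added example (not from the thread): drive an "openssl s_client" connection
# to an LDAP server's ldaps:// port with certificate verification enabled and
# report whether OpenSSL accepted the server's chain. Host, port and CA file
# path are assumptions supplied on the command line.

# Connect to host:port over TLS, verifying the server chain against ca_file.
# Prints the full s_client transcript; stdin is closed so the session ends.
probe_ldaps() {
    host="$1"; port="$2"; ca_file="$3"
    openssl s_client -connect "${host}:${port}" -CAfile "${ca_file}" </dev/null 2>&1
}

# Read an s_client transcript on stdin; succeed only when OpenSSL itself
# reports the chain as verified. A handshake that completes but ends with a
# non-zero verify code is still a failure from a verifying client's point
# of view, which is what an ldap.conf with a CA file configured will be.
verify_ok() {
    grep -q 'Verify return code: 0 (ok)'
}

# Extract the verification verdict from a transcript on stdin, e.g.
# "0 (ok)" or "19 (self signed certificate in certificate chain)".
verify_reason() {
    sed -n 's/^ *Verify return code: //p' | head -n 1
}

# Extract the subject of the server certificate as presented in the transcript.
server_subject() {
    sed -n 's/^ *subject=//p' | head -n 1
}

# Combined check: exit 0 if the server verifies against the CA file,
# 1 otherwise, printing a one-line reason either way.
check_ldaps() {
    transcript="$(probe_ldaps "$1" "$2" "$3")"
    reason="$(printf '%s\n' "$transcript" | verify_reason)"
    subject="$(printf '%s\n' "$transcript" | server_subject)"
    if printf '%s\n' "$transcript" | verify_ok; then
        echo "OK: ${1}:${2} presented '${subject}' and verified against ${3} (${reason})"
        return 0
    fi
    echo "FAIL: ${1}:${2} did not verify against ${3}: ${reason:-no TLS session established}"
    return 1
}

# Usage: sh check_ldaps.sh ldap.example.com 636 /path/to/cacert.pem
# (all three arguments are placeholders; nothing runs when they are absent)
if [ "$#" -eq 3 ]; then
    check_ldaps "$1" "$2" "$3"
fi
```

The CA file handed to `-CAfile` here is the same trusted root the client needs: per the Admin Guide page Howard links, the OpenLDAP client side is configured by pointing `TLS_CACERT` in ldap.conf at that file, and a non-zero verify code from s_client means the client will reject the server for the same reason, so fix the chain on the server or the CA file on the client before touching anything else.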