--On December 21, 2007 11:22:10 AM +0100 RUMI Szabolcs <[EMAIL PROTECTED]> wrote:
And at the clients:

tls_cacertfile /etc/ssl/certs/CA.pem
# tls_cacertdir /etc/ssl/certs
tls_cert /etc/openldap/ssl/ldap-client.crt
tls_key /etc/openldap/ssl/ldap-client.key

Is this wrong?

I've run into issues on some platforms, where I had to use the TLS_CACERTDIR directive in slapd.conf, and then have an x509 hash in the ca dir. This seems to be related to some issue inside of OpenSSL. As others have noted, make sure that you can get ldapsearch -ZZ to work first.

[EMAIL PROTECTED] zimbra]$ cat .ldaprc
TLS_CACERTDIR /opt/zimbra/conf/ca
[EMAIL PROTECTED] ca]$ pwd
/opt/zimbra/conf/ca
[EMAIL PROTECTED] ca]$ ls -l
total 8
lrwxrwxrwx 1 root root   6 Dec 18 12:37 3f8945a0.0 -> ca.pem
-rw-r--r-- 1 root root 891 Dec 18 12:37 ca.key
-rw-r--r-- 1 root root 976 Dec 18 12:37 ca.pem

for example.

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
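
The hashed CA directory shown in the listing above (3f8945a0.0 -> ca.pem), as an added example that is not part of the original message: one function creates the subject-hash symlink for a PEM certificate, the other reports hash-named entries that do not resolve to a usable file. The function names link_ca_cert and check_ca_dir are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: build and check an OpenSSL-style hashed CA directory,
# the layout TLS_CACERTDIR points at. Function names are hypothetical.

# link_ca_cert DIR CERT
# CERT is the name of a PEM file inside DIR. Creates DIR/<subject-hash>.N as a
# relative symlink to CERT and prints the link name it created or reused.
link_ca_cert() {
    dir=$1 cert=$2
    hash=$(openssl x509 -noout -hash -in "$dir/$cert") || return 1
    n=0
    # .0 is the first slot; higher slots hold other certificates whose
    # subject hash happens to collide with this one.
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        if [ "$(readlink "$dir/$hash.$n")" = "$cert" ]; then
            echo "$hash.$n"      # already linked, nothing to do
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$cert" "$dir/$hash.$n" && echo "$hash.$n"
}

# check_ca_dir DIR
# Prints each hash-named entry that is dangling, unreadable or empty.
# Returns non-zero if any such entry exists, or if DIR has no hash-named
# entries at all (a CA directory without them matches no issuer).
check_ca_dir() {
    dir=$1 bad=0 seen=0
    for link in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        seen=$((seen + 1))
        if [ ! -r "$link" ] || [ ! -s "$link" ]; then
            echo "unusable: $link"
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

Once the directory checks out, the test the message recommends still comes first: confirm that ldapsearch -ZZ succeeds before debugging anything else.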
