Hi,

there are 2 possible solutions.

1st: each client needs the correct cert so that he can connect.
2nd: if you wanna use it like "ssl webpages", you need to set this in slapd.conf (disables client cert checking)
TLSVerifyClient never

regards

On 04.12.2009 11:16, Chamith Kumarage wrote:
> Hi Folks,
>
> I have set up openldap with SSL and I'm using self-signed certs. I have
> included the following in my slapd.conf.
>
> TLSCipherSuite HIGH:MEDIUM:-SSLv2
> TLSCACertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateFile /etc/ldap/ssl/server.pem
> TLSCertificateKeyFile /etc/ldap/ssl/server.pem
> TLSVerifyClient demand
>
> and in my ldap.conf I have;
>
> HOST <my_ip>
> PORT 636
> TLS_REQCERT /etc/ldap/ssl/server.pem
>
> When I start the service, I see port 636 is up and I can even telnet to
> it. But I cannot perform any ldap operations there.
>
> Any help would be appreciated!
>
> Thanks,
> ~Chamith
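
Added example, not part of the original thread: a small Python check over the two files quoted above that flags the TLS problems visible in them (a file path given to TLS_REQCERT, which takes a level; no TLS_CACERT for the self-signed cert; TLSVerifyClient demand with no client cert configured). The function names, finding codes and the cacert.pem path are assumptions made for the example.

```python
SERVER_LEVELS = {"never", "allow", "try", "demand", "hard", "true"}  # TLSVerifyClient
CLIENT_LEVELS = {"never", "allow", "try", "demand", "hard"}          # TLS_REQCERT

def parse(text):
    """Return {directive (lowercased): value}; skips blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def check(slapd_text, client_text):
    """Return a list of finding codes for a slapd.conf / client ldap.conf pair."""
    server, client = parse(slapd_text), parse(client_text)
    keys = set(client)
    findings = []
    verify = server.get("tlsverifyclient", "never").lower()  # slapd default: never
    if verify not in SERVER_LEVELS:
        findings.append("verifyclient-not-a-level")
    reqcert = client.get("tls_reqcert")
    if reqcert is not None and reqcert.lower() not in CLIENT_LEVELS:
        findings.append("reqcert-not-a-level")  # a CA file path belongs in TLS_CACERT
    # The server cert is verified unless the client explicitly relaxes TLS_REQCERT.
    relaxed = reqcert is not None and reqcert.lower() in {"never", "allow"}
    if not relaxed and not ({"tls_cacert", "tls_cacertdir"} & keys):
        findings.append("no-ca-file")  # nothing in this file to verify a self-signed cert
    # demand/hard/true: slapd refuses the TLS session without a valid client cert.
    if verify in {"demand", "hard", "true"} and not {"tls_cert", "tls_key"} <= keys:
        findings.append("client-cert-missing")
    return findings

# Sample input constructed from the settings quoted in the thread.
POSTED_SLAPD = """\
TLSCACertificateFile /etc/ldap/ssl/server.pem
TLSCertificateFile /etc/ldap/ssl/server.pem
TLSCertificateKeyFile /etc/ldap/ssl/server.pem
TLSVerifyClient demand
"""
POSTED_CLIENT = "HOST <my_ip>\nPORT 636\nTLS_REQCERT /etc/ldap/ssl/server.pem\n"
# The reply's second option, with a client that trusts the cert (hypothetical path).
FIXED_SLAPD = POSTED_SLAPD.replace("TLSVerifyClient demand", "TLSVerifyClient never")
FIXED_CLIENT = "TLS_CACERT /etc/ldap/ssl/cacert.pem\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    print(check(POSTED_SLAPD, POSTED_CLIENT))
    print(check(FIXED_SLAPD, FIXED_CLIENT))
```

For the reply's first option, TLS_CERT and TLS_KEY are user-only options in ldap.conf(5), so the client certificate is configured in the user's ldaprc rather than in the system-wide ldap.conf.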
