c0re <[email protected]> writes:

> # making clientkey
> openssl genrsa -out client.key 2048
> # making certificate request
> openssl req -new -key client.key -out client.csr
> # signing
> openssl x509 -req -days 1024 -CA ../ssl/rootcrt.pem -CAkey
> ../ssl/rootkey.pem -in client.csr -out client.crt -CAserial
> ../ssl/root.seq
>
> # configuring on client
> TLS_CACERT /usr/local/etc/openldap/ssl-client/rootcrt.pem
> TLS_CERT /usr/local/etc/openldap/ssl-client/client.crt
> and
> TLS_KEY /usr/local/etc/openldap/ssl-client/client.key
>
> Trying again with slapd debug and client calling "id test"

[...]

As there are no obvious errors in the log you should get TLS properly
working, prior to testing with pam. Just do a ldapsearch or a ldapwhoami
either on uri ldaps:// or startTLS on ldap://

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected]
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
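
The TLS test suggested above, as an added example that is not part of the original thread: it first checks that the client certificate verifies against the root CA and that the key belongs to the certificate, then runs ldapwhoami over StartTLS and over ldaps://. The function names, the host name and the file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the client certificate, followed by the
# two TLS tests. Host name and file paths are placeholders.

# Succeeds only if CLIENT_CERT verifies against CA_CERT.
cert_chains_to_ca() {    # usage: cert_chains_to_ca CA_CERT CLIENT_CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if CLIENT_KEY is the private key for CLIENT_CERT's public key.
key_matches_cert() {     # usage: key_matches_cert CLIENT_CERT CLIENT_KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return codes: 2 = chain failure, 3 = key mismatch,
#               4 = StartTLS test failed, 5 = ldaps:// test failed.
check_ldap_tls() {       # usage: check_ldap_tls HOST CA_CERT CLIENT_CERT CLIENT_KEY
    cert_chains_to_ca "$2" "$3" || {
        echo "client cert does not verify against the CA" >&2; return 2; }
    key_matches_cert "$3" "$4" || {
        echo "client key does not match the client cert" >&2; return 3; }
    # ldap.conf(5) marks TLS_CERT and TLS_KEY as user-only options, so they are
    # handed to the client tools through the environment here (~/.ldaprc also works).
    # -ZZ makes ldapwhoami fail unless the StartTLS operation succeeds.
    LDAPTLS_CACERT="$2" LDAPTLS_CERT="$3" LDAPTLS_KEY="$4" \
        ldapwhoami -x -ZZ -H "ldap://$1" || return 4
    LDAPTLS_CACERT="$2" LDAPTLS_CERT="$3" LDAPTLS_KEY="$4" \
        ldapwhoami -x -H "ldaps://$1" || return 5
}

# Example call (placeholder host and paths):
# check_ldap_tls ldap.example.org ./rootcrt.pem ./client.crt ./client.key
```
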
