Harakiri wrote:
--- Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
Seems to be a known problem with Outlook :
http://www.openldap.org/lists/openldap-software/200204/msg00723.html
Well what do you know - the second issue is also a
quirk in Outlook (any version) - the problem was -
that the SSL certificate has to match the hostname
exactly - if it is empty or you do not connect using
the DNS name - outlook will simply refuse the
connection even if the cert itself is trusted.
Great - so what i did for testing was just edit my
hosts file and point the IP of the apacheDS to the
"right" DNS name.
Great !
What would be very cool is to send us a quick report or 'howto' which
can be added to our wiki. This could be very helpfull for the few person
who are using Outlook (500 hundred millions ? ;)
BTW: In the 1.5.2 API i didnt found an easy way to
change the SSL Certificate (previously a
setCertificateFile etc existed) - so i did the
following - is this the intended way currently?
The 1.5.2 version brings a very interesting feature : the server can
self build a certificate, instead on depending on an admin to generate a
certificate, sign it, store it in a keystore... Now, the firt time you
try to connect to the server using LDAPS, if the server does not have a
certificate, it will generate one, stores it into the DIT, and use it to
establish the connexion. If needed, you can still setup your own
certificate (for instance, if you bought one)
Of course, this is not yet doccumented ;)
Regarding the code, I would let Alex validate it.
Thanks !
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
