Hi,
I've just started playing with fedora-ds and TLS by following the howto
unless I'm wrong the step-by-step certificate creation creates an
invalid certificate... I ended up generating one from
cacert.org
also the following:
Configure LDAP clients
Modify the following in /etc/openldap/ldap.conf
URI
ldap://example.com
BASE dc=example,dc=com
HOST
example.com
TLS_CACERTDIR /etc/openldap/certs/
TLS_REQCERT allow
Note: Make sure TLS_CACERTDIR exists
might lead to confusion... I initially thought everything was working
but the line TLS_REQCERT allow... allows fallback to standard ldap
shouldn't this example be
Configure LDAP clients
Modify the following in /etc/openldap/ldap.conf
URI
ldaps://example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/certs/
TLS_REQCERT demand
Note: Make sure TLS_CACERTDIR exists
The HOST line doesn't seem to be needed (for authentication anyways) and
again may be a bit confusing
also I couldn't get things working without a copy of cacerts pem
certificate in /etc/openldap/certs/
thanks for clarifying my mistakes/misinterpretations/changing the
howto... etc
--
************************************************************
Ivan Ivanyi
Swiss Institute of Bioinformatics
1, rue Michel Servet
CH-1211 Genève 4
Switzerland
Tel: (+41 22) 379 58 33
Fax: (+41 22) 379 58 58
E-mail: Ivan.Ivanyi(a)isb-sib.ch
************************************************************
PGP signature
http://www.expasy.org/people/Ivan.Ivanyi.gpg