[389-users] Trouble using self signed certificates.

[Dumbo Q]

To answer a few questions,
Searching for any thing about ldap.conf in google gave me a lot of openldap specific stuff.  Sorry to have to post into this mailling list, but I figure that if im having this much trouble getting this to work, then there is a good chance others are too.

I've tried a few combinations of these and none have worked for me.
TLS_CACERT is pointing to CACert's root certificate.


Here is the current tail of my ldap.conf file.
TLS_CACERT /etc/pki/tls/certs/cacert.org-root.txt
TLS_CACERT_DIR /etc/pki/tls/certs
TLS_REQCERT  allow
uri ldaps://rhds.example.com:636/
ssl no
#tls_cacertdir /etc/pki/tls/certs
pam_password ssha



Interestingly enough,  it worked after doing the following.
cat /etc/pki/tls/certs/cacert.org-root.txt >> /etc/pki/tls/cert.pem
This is the symlink to ca-bundle.crt

My fear with this, is that I'll run a yum -y update on all my servers, and then nobody will be able to log in anywhere.







________________________________
From: Jean-Noel Chardron <Jean-Noel.Chardron at dr15.cnrs.fr>
To: General discussion list for the 389 Directory server project. <fedora-directory-users at redhat.com>
Sent: Wednesday, June 24, 2009 1:19:36 PM
Subject: Re: [389-users] Trouble using self signed certificates.

David Christensen a écrit :
> 
> I was having a similar issue yesterday, everything worked until I
> appended more then one CA to the file in /etc/openldap/cacerts, then it
> kept failing until I limited it to one CA.  Are you
>  using a single CA?
>  
The client authenticates to a server with a single authority, so why try to install two or more. otherwise you must use a file by CA in the directory.
unless you speak CA chain.

--
389 users mailing list
389-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090624/0aa5f56d/attachment.html>