Hi,
I''ve just started playing with fedora-ds and TLS by following the howto
unless I''m wrong the step-by-step certificate creation creates an
invalid certificate... I ended up generating one from cacert.org
also the following:
> Configure LDAP clients
> Modify the following in /etc/openldap/ldap.conf
>
> URI ldap://example.com
> BASE dc=example,dc=com
> HOST example.com
> TLS_CACERTDIR /etc/openldap/certs/
> TLS_REQCERT allow
>
> Note: Make sure TLS_CACERTDIR exists
might lead to confusion... I initially thought everything was working
but the line TLS_REQCERT allow... allows fallback to standard ldap
shouldn''t this example be
> Configure LDAP clients
> Modify the following in /etc/openldap/ldap.conf
>
> URI ldaps://example.com
> BASE dc=example,dc=com
> TLS_CACERTDIR /etc/openldap/certs/
> TLS_REQCERT demand
>
> Note: Make sure TLS_CACERTDIR exists
The HOST line doesn''t seem to be needed (for authentication anyways)
and
again may be a bit confusing
also I couldn''t get things working without a copy of cacerts pem
certificate in /etc/openldap/certs/
thanks for clarifying my mistakes/misinterpretations/changing the
howto... etc
--
************************************************************
Ivan Ivanyi
Swiss Institute of Bioinformatics
1, rue Michel Servet
CH-1211 Genève 4
Switzerland
Tel: (+41 22) 379 58 33
Fax: (+41 22) 379 58 58
E-mail: Ivan.Ivanyi@isb-sib.ch
************************************************************
PGP signature
http://www.expasy.org/people/Ivan.Ivanyi.gpg