On 3/5/07, Alexander Lopez <zepolar at gmail.com> wrote:
> Hi everybody
> I have set up my ldap server. But I created a certificate with the
> following command:
> cd /usr/share/ssl/certs; make ldap.pem
> Then I edited the slapd.conf file and inserted the following lines:
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
> TLSCertificateFile /usr/share/ssl/certs/ldap.pem
> TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem
> I restarted the service. Then I ran the authconfig command and selected ldap
> with tls. I reviewed the logs; the ldap server threw the following:
> Mar 5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP=172.16.12.160:33935 (IP=0.0.0.0:389 )
> Mar 5 11:54:38 eucalipto slapd[711]: conn=13 op=0 STARTTLS
> Mar 5 11:54:38 eucalipto slapd[711]: conn=13 op=0 RESULT oid= err=0 text=
> Mar 5 11:54:39 eucalipto slapd[711]: conn=13 fd=14 closed (TLS negotiation failure)
> I need your help.

Add the following to /etc/openldap/ldap.conf
TLS_REQCERT allow
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
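
An added example, not part of the original thread: a small Python check over the slapd.conf and ldap.conf directives discussed above that flags TLS settings which weaken or prevent server-certificate verification. The function names and the comparison configuration (with placeholder paths) are assumptions constructed for illustration.

```python
# Added example: audit the slapd.conf / ldap.conf TLS settings from this thread.
import re

NON_ENFORCING = {"never", "allow"}  # ldap.conf(5): session continues on a bad cert

# Directives quoted in the thread.
SLAPD_THREAD = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem
"""
LDAP_THREAD = "TLS_REQCERT allow\n"

# Constructed comparison config; the paths are placeholders, not from the thread.
SLAPD_STRICT = """\
TLSCipherSuite HIGH
TLSCACertificateFile /path/to/ca.pem
TLSCertificateFile /path/to/server-cert.pem
TLSCertificateKeyFile /path/to/server-key.pem
"""
LDAP_STRICT = "TLS_CACERT /path/to/ca.pem\nTLS_REQCERT demand\n"

def parse_directives(text):
    """Map lower-cased directive name -> value, skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            out[parts[0].lower()] = parts[1].strip()
    return out

def audit_tls(slapd_conf, ldap_conf):
    """Return a list of findings for the server and client TLS settings."""
    s, c = parse_directives(slapd_conf), parse_directives(ldap_conf)
    findings = []
    if re.search(r"sslv2", s.get("tlsciphersuite", ""), re.I):
        findings.append("server: TLSCipherSuite references SSLv2")
    key = s.get("tlscertificatekeyfile")
    if key and key == s.get("tlscacertificatefile"):
        findings.append("server: CA file and private key file are the same path")
    reqcert = c.get("tls_reqcert", "demand").lower()  # demand is the default
    if reqcert in NON_ENFORCING:
        findings.append(f"client: TLS_REQCERT {reqcert} does not enforce verification")
    elif "tls_cacert" not in c and "tls_cacertdir" not in c:
        findings.append("client: no TLS_CACERT or TLS_CACERTDIR to verify against")
    return findings

if __name__ == "__main__":
    for f in audit_tls(SLAPD_THREAD, LDAP_THREAD):
        print(f)
```

Passing an empty client configuration models a client left at the default `demand` level with no CA certificate configured.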