[Gllug] ldap and TLS
Xander D Harkness
xander at harkness.co.uk
Sat Feb 7 14:20:42 UTC 2004
I have set up an LDAP server which works happily.

I have set up an x509 certificate using the instructions from here:
http://research.imb.uq.edu.au/~l.rathbone/ldap/tls.shtml

Encryption works from the localhost, so if I run:

ldapsearch -x -ZZ -b "dc=harkness,dc=co,dc=uk" -h mail.harkness.co.uk mail

(it only holds a few addresses so I am not terribly concerned about
public read access)

on the ldap server it works; if I run it on a separate host it does not. I realise that I am
supposed to copy across the ca.crt to the host, however I shall not have
that ability for all hosts that I want to connect. I had hoped that it
would work like a web or mail certificate, to say that the certificate is
self-signed or similar and then carry on.

If I set /etc/ldap.conf to tls_checkpeer no it makes no difference.

Is there anything that I am missing? I note that if I try to bind using
TLS and mozilla, mozilla dies horribly.

Can anyone suggest any mistakes I may have made?
Kind regards
Xander
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
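An added example, not part of Xander's post and not OpenLDAP's own files: the client-side settings that decide whether `ldapsearch -ZZ` verifies the server. ldapsearch takes its TLS settings from the OpenLDAP client file (`/etc/openldap/ldap.conf` on Red Hat, `/etc/ldap/ldap.conf` on Debian, or `~/.ldaprc`), where the directives are `TLS_CACERT` and `TLS_REQCERT`; `tls_checkpeer` in `/etc/ldap.conf` is a pam_ldap/nss_ldap directive and does not reach ldapsearch. With the default `TLS_REQCERT demand` and no trusted CA on the remote host, STARTTLS fails exactly as described. The script writes a hardened and a weak client config (the base DN and hostname are taken from the post; the paths and CA file name are assumptions) and includes a small checker that flags the weak form, which encrypts the session but no longer authenticates the server.

```shell
#!/bin/sh
# Added example (not from the original post): hardened vs weak OpenLDAP
# client TLS settings, plus a check that flags the weak form.
# Paths and the CA file name are assumptions; the base DN and host come
# from the post.

# Hardened client config: the CA that signed the server certificate is
# trusted explicitly and the server certificate must verify.
write_hardened_conf() {
  cat > "$1" <<'EOF'
BASE        dc=harkness,dc=co,dc=uk
URI         ldap://mail.harkness.co.uk
TLS_CACERT  /etc/openldap/cacerts/ca.crt
TLS_REQCERT demand
EOF
}

# Weak client config: verification switched off, so any certificate
# (including one from a man-in-the-middle) is accepted silently.
write_weak_conf() {
  cat > "$1" <<'EOF'
BASE        dc=harkness,dc=co,dc=uk
URI         ldap://mail.harkness.co.uk
TLS_REQCERT never
EOF
}

# Inspect an ldap.conf-style file. Prints a finding for each weakness and
# returns 1 if any was found, 0 if the file looks sound.
check_ldap_conf() {
  file="$1"
  status=0
  # Keywords are case-insensitive in ldap.conf; take the last occurrence.
  reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$file" | tail -n 1)
  cacert=$(awk 'toupper($1)=="TLS_CACERT"{print $2}' "$file" | tail -n 1)
  case "$reqcert" in
    never|allow)
      echo "$file: TLS_REQCERT $reqcert disables server certificate verification"
      status=1 ;;
  esac
  # Unset TLS_REQCERT means demand, which needs a CA the client trusts.
  if [ -z "$cacert" ] && [ "$reqcert" != never ] && [ "$reqcert" != allow ]; then
    echo "$file: no TLS_CACERT; STARTTLS will fail unless the system store already trusts the server CA"
    status=1
  fi
  return $status
}
```

Usage on a real host: source the file and run `check_ldap_conf /etc/openldap/ldap.conf` (or the Debian path). The fix for the symptom in the post is the hardened form, i.e. distributing `ca.crt` to each client and pointing `TLS_CACERT` at it; the weak form makes `-ZZ` succeed but gives up the only thing that tells the client it is talking to the real `mail.harkness.co.uk`.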