[Gllug] ldap and TLS

Xander D Harkness xander at harkness.co.uk
Sat Feb 7 14:20:42 UTC 2004


I have set up an LDAP server which works happily.

I have set up an x509 certificate using the instructions from here:

http://research.imb.uq.edu.au/~l.rathbone/ldap/tls.shtml

Encryption works from the localhost so if I run:

ldapsearch -x -ZZ -b "dc=harkness,dc=co,dc=uk" -h mail.harkness.co.uk mail

(it only holds a few addresses, so I am not terribly concerned about
public read access)

on the ldap server it works

If I run it on a separate host it does not.  I realise that I am
supposed to copy across the ca.crt to the host; however, I shall not have
that ability for all hosts that I want to connect.  I had hoped that it
would work like a web or mail certificate, to say that the certificate is
self-signed or similar and then carry on.

If I set tls_checkpeer no in /etc/ldap.conf it makes no difference.

Is there anything that I am missing?  I note that if I try to bind using
TLS and Mozilla, Mozilla dies horribly.

Can anyone suggest any mistakes I may have made?

Kind regards
Xander

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
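The following is an added example, not part of the post above or of the linked tutorial. It reproduces the symptom described in the post with a throwaway PKI generated by the openssl command-line tool (assumed to be installed), then shows the two client-side settings that change the outcome: copying ca.crt to the client and pointing TLS_CACERT at it, or the weaker TLS_REQCERT never. The CA name, file paths and the client configuration files are constructed here; the host name from the post is used only as a certificate subject. Note that ldapsearch reads the OpenLDAP client ldap.conf (/etc/openldap/ldap.conf or /etc/ldap/ldap.conf, ~/.ldaprc, or the file named by $LDAPCONF), not the nss_ldap/pam_ldap /etc/ldap.conf where tls_checkpeer lives, which is why that setting has no effect on it.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the remote-host
# StartTLS failure with openssl, then show the two client-side ways out.
# Everything under $WORK is constructed here.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed PKI: a self-signed CA (the server's ca.crt) and a server
# certificate signed by it, as the linked tutorial produces.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Example LDAP CA" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" \
    -subj "/CN=mail.harkness.co.uk" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/server.crt" >/dev/null 2>&1
}

# What the LDAP server host itself sees: ca.crt is present, the chain verifies.
verify_with_ca() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" 2>&1 | grep -q ': OK$'
}

# What a remote host without ca.crt sees: the issuer cannot be found, and
# libldap with the default TLS_REQCERT demand aborts the StartTLS handshake.
verify_without_ca() {
  openssl verify "$WORK/server.crt" 2>&1 | grep -q ': OK$'
}

# Write an OpenLDAP *client* configuration (the file ldapsearch reads; the
# nss_ldap/pam_ldap /etc/ldap.conf with tls_checkpeer is a different file).
#   $1 = output file, $2 = strict | lax
write_client_conf() {
  case "$2" in
    strict)  # ca.crt copied to the client: the server is authenticated
      printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$WORK/ca.crt" > "$1" ;;
    lax)     # no ca.crt available: encrypted, but any certificate is
             # accepted, so anyone in the path can present their own
      printf 'TLS_REQCERT never\n' > "$1" ;;
    *) return 2 ;;
  esac
}

# Read back the TLS_REQCERT value (keywords are case-insensitive in ldap.conf).
reqcert_of() {
  awk 'tolower($1) == "tls_reqcert" { print $2 }' "$1"
}

make_test_pki
if verify_with_ca; then echo "with ca.crt:    chain verifies"; fi
if verify_without_ca; then echo "without ca.crt: chain verifies (unexpected)"
else echo "without ca.crt: unable to get local issuer certificate"; fi

write_client_conf "$WORK/ldaprc.strict" strict
write_client_conf "$WORK/ldaprc.lax" lax
echo "strict TLS_REQCERT: $(reqcert_of "$WORK/ldaprc.strict")"
echo "lax    TLS_REQCERT: $(reqcert_of "$WORK/ldaprc.lax")"

# The search from the post, pointed at the strict file. Needs the real
# server, so it is shown here but not run:
#   LDAPCONF="$WORK/ldaprc.strict" ldapsearch -x -ZZ \
#       -H ldap://mail.harkness.co.uk -b "dc=harkness,dc=co,dc=uk" mail
```

Running the script prints the verification result with and without the CA file and the TLS_REQCERT value from each generated configuration. TLS_REQCERT never gives the "carry on anyway" behaviour the post asks for, but it only provides confidentiality against passive observers; distributing ca.crt (or setting LDAPTLS_CACERT in the environment) is what makes the -ZZ connection authenticate the server.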