AW: AW: Fedora 2 und OpenLDAP Server

Mon Nov 1 12:41:06 UTC 2004

On Monday 01 November 2004 13:32, Frank Büttner wrote:

Mann hab` ich heute eine Leitung - der Server versucht natuerlich das CLIENT 
Certifikat zu lesen ...  

Also brauchst Du das hier: 

TLSVerifyClient <level>
              Specifies what checks to perform on client  certificates  in  an
              incoming  TLS  session, if any.  The <level> can be specified as
              one of the following keywords:

              never  This is the default.  slapd will not ask the client for a
                     certificate.

              allow  The  client  certificate is requested.  If no certificate
                     is provided, the session proceeds  normally.   If  a  bad
                     certificate  is  provided,  it  will  be  ignored and the
                     session proceeds normally.

              try    The client certificate is requested.  If  no  certificate
                     is  provided,  the  session  proceeds normally.  If a bad
                     certificate  is  provided,  the  session  is  immediately
                     terminated.

Es sei denn Du willst tatsaechlich auf beiden Seiten Certs einzetzen. 
Aber ich wuerde es sowieso erstmal nur mit einer Seite versuchen. 

Gruesse,
Dirk 

--
http://www.linux4all.de/livecd