[Fedora-directory-users] TLS for dummies
David Boreham
david_list at boreham.org
Sat Dec 10 06:42:33 UTC 2005
Howard Chu wrote:
>>> My thinking is that this somehow has something to do with the
>>> TLS_CACERT in /etc/openldap/ldap.conf (the certificate for the
>>> client).
>>
>> In general most folk don't need client certs, but AFAIK the openldap
>> ldapsearch _requires_ that you present a client cert.
>
> Wrong. Client certs are only needed if you want to do
> certificate-based client authentication, and the default settings do
> not require them.
That's good to know. I remember spending a few days trying to persuade
OL to do a non-cert-based-auth connection and ultimately failing, but
I'm pleased to hear that it can.
> Of course, the TLS_CACERT directive, as the name suggests, is for
> setting the path to the CA cert, and by default it *is* required. I
> think your terminology is imprecise here, so that may be confusing the
> issue.
Yes, I was reading the OP's description: 'certificate for the client',
and not the config directive name, which as you point out was actually
for the CA cert.
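
The distinction made in this thread, shown as an added configuration example that is not part of the original messages: TLS_CACERT names the CA certificate the client uses to verify the server, while a client certificate is a separate, optional setting. All file paths are placeholders, and the TLS_REQCERT, TLS_CERT and TLS_KEY lines are OpenLDAP client options not mentioned in the thread.

```conf
# /etc/openldap/ldap.conf (system-wide client settings)
# Constructed example; every path below is a placeholder.

# CA certificate used to verify the *server's* certificate.
# This is not a certificate for the client.
TLS_CACERT /etc/openldap/cacerts/ca.pem

# How strictly the server certificate is checked. "demand" is the
# default; "never" or "allow" would let the client continue with a
# server certificate it cannot verify.
TLS_REQCERT demand

# ~/.ldaprc (per-user file), needed only for certificate-based
# client authentication. TLS_CERT and TLS_KEY are user-only options
# and are ignored in the system-wide ldap.conf.
#TLS_CERT /home/user/certs/client.pem
#TLS_KEY  /home/user/certs/client.key
```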