[Fedora-directory-users] SOLVED: NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server
Michael Ströder
michael at stroeder.com
Mon Apr 14 22:02:59 UTC 2008
Aleksander Adamowski wrote:
> It seems that whenever certificate authentication is an allowed
> possibility on the FDS server side, OpenLDAP client tries using it even
> if it is operating inside an OpenLDAP server environment (in which case
> it supplies its server certificate as client's - thus the problem).
OpenLDAP client lib supplies the client cert which was configured for
back-ldap. Check OpenLDAP's ldap.conf or slapd.conf and the relevant
man-pages.
> I think the problem is on OpenLDAP side (it shouldn't use its server
> certificate for client authentication when acting as an LDAP client).
I think the problem is with your particular configuration and the certs
you're using.
Ciao, Michael.
More information about the Fedora-directory-users
mailing list