Hi,

I've just started playing with fedora-ds and TLS by following the howto. Unless I'm wrong, the step-by-step certificate creation creates an invalid certificate... I ended up generating one from cacert.org.

Also the following:

> Configure LDAP clients
> Modify the following in /etc/openldap/ldap.conf
>
> URI ldap://example.com
> BASE dc=example,dc=com
> HOST example.com
> TLS_CACERTDIR /etc/openldap/certs/
> TLS_REQCERT allow
>
> Note: Make sure TLS_CACERTDIR exists

might lead to confusion... I initially thought everything was working, but the line TLS_REQCERT allow... allows fallback to standard ldap. Shouldn't this example be

> Configure LDAP clients
> Modify the following in /etc/openldap/ldap.conf
>
> URI ldaps://example.com
> BASE dc=example,dc=com
> TLS_CACERTDIR /etc/openldap/certs/
> TLS_REQCERT demand
>
> Note: Make sure TLS_CACERTDIR exists

The HOST line doesn't seem to be needed (for authentication anyways) and again may be a bit confusing. Also, I couldn't get things working without a copy of cacert's pem certificate in /etc/openldap/certs/.

Thanks for clarifying my mistakes/misinterpretations/changing the howto... etc.

--
************************************************************
Ivan Ivanyi
Swiss Institute of Bioinformatics
1, rue Michel Servet
CH-1211 Genève 4
Switzerland
Tel: (+41 22) 379 58 33
Fax: (+41 22) 379 58 58
E-mail: Ivan.Ivanyi at isb-sib.ch
************************************************************
PGP signature http://www.expasy.org/people/Ivan.Ivanyi.gpg
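As an added example that is not part of the post or of the fedora-ds howto, the following small audit script parses an OpenLDAP client ldap.conf and flags the settings the post is about: a URI that is not ldaps://, a TLS_REQCERT value other than demand (or its alias hard), the deprecated HOST directive, and a missing CA trust store. The two embedded configurations are constructed copies of the howto's original block and of the poster's proposed block; the parser is a simple line-based one written here, not libldap's own, and the optional path check is an assumption about how one would verify that the CA certificate directory is actually populated.

```python
"""Audit an OpenLDAP client ldap.conf for weak TLS settings.

Added example (not from the original post). Constructed sample
configurations mirror the two variants discussed on the list.
"""
import os
from typing import Dict, List

# Constructed sample: the howto's original client settings.
WEAK_CONF = """\
URI ldap://example.com
BASE dc=example,dc=com
HOST example.com
TLS_CACERTDIR /etc/openldap/certs/
TLS_REQCERT allow
"""

# Constructed sample: the settings proposed in the post.
STRICT_CONF = """\
URI ldaps://example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/certs/
TLS_REQCERT demand
"""


def parse_ldap_conf(text: str) -> Dict[str, List[str]]:
    """Parse ldap.conf text: one 'KEY value' per line, '#' comments.

    Keys are case-insensitive; repeated keys are kept in order (the
    last occurrence is what libldap ends up using).
    """
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit(conf: Dict[str, List[str]], check_paths: bool = False) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings: List[str] = []

    # A URI line may hold several whitespace-separated URIs.
    uris = [u for line in conf.get("URI", []) for u in line.split()]
    if not uris:
        findings.append("URI: not set; libldap defaults to plaintext ldap://localhost")
    for uri in uris:
        if not uri.lower().startswith("ldaps://"):
            findings.append(f"URI {uri}: not ldaps://; encryption depends on the "
                            "client issuing StartTLS")

    # libldap's documented default for TLS_REQCERT is demand.
    reqcert = conf.get("TLS_REQCERT", ["demand"])[-1].lower()
    if reqcert not in ("demand", "hard"):
        findings.append(f"TLS_REQCERT {reqcert}: server certificate is not "
                        "strictly verified")

    if "HOST" in conf:
        findings.append("HOST: deprecated in favour of URI; remove it")

    cadirs = conf.get("TLS_CACERTDIR", [])
    cafiles = conf.get("TLS_CACERT", [])
    if not cadirs and not cafiles:
        findings.append("TLS_CACERTDIR/TLS_CACERT: no CA trust store configured")
    elif check_paths:
        # Assumption: an empty or missing CA directory is treated as a finding,
        # matching the poster's experience that the CA pem had to be present.
        for d in cadirs:
            if not os.path.isdir(d) or not os.listdir(d):
                findings.append(f"TLS_CACERTDIR {d}: missing or empty")
        for f in cafiles:
            if not os.path.isfile(f):
                findings.append(f"TLS_CACERT {f}: file not found")
    return findings


def audit_file(path: str = "/etc/openldap/ldap.conf") -> List[str]:
    """Audit a real ldap.conf on disk, including the path checks."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_ldap_conf(fh.read()), check_paths=True)


if __name__ == "__main__":
    for name, text in (("howto", WEAK_CONF), ("proposed", STRICT_CONF)):
        print(f"== {name} ==")
        for finding in audit(parse_ldap_conf(text)) or ["no findings"]:
            print("  " + finding)
```

Run against the howto's block the script reports three findings (plaintext URI scheme, TLS_REQCERT allow, HOST present); against the proposed block it reports none. `audit_file()` applies the same checks, plus the on-disk CA directory check, to the real /etc/openldap/ldap.conf.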