NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi!

I have a proxy OpenLDAP server (based on slapd-ldap) backend that 
connects to Fedora Directory server.

All is fine if OpenLDAP is configured to connect using non-SSL URI 
without TLS.

However, whenever I try TLS on port 389 or SSL on port 636, OpenLDAP 
uses its server certificate during TLS/SSL negotiation and Fedora 
Directory decides that this certificate usage isn't good because it's 
not a client certificate. In FDS logs I can see:

[14/Apr/2008:11:33:33 +0200] conn=1474 fd=65 slot=65 SSL connection from 
IP_OF_OPENLDAP to IP_OF_FDS
[14/Apr/2008:11:33:33 +0200] conn=1474 Netscape Portable Runtime error 
-8101 (Certificate type not approved for application.); unauthenticated 
client E=some_email,CN=hostname,ETC,ETC,; issuer E=ISSUER_DATA
[14/Apr/2008:11:33:33 +0200] conn=1474 op=-1 fd=65 closed - Certificate 
type not approved for application.

Is there a way to relax those requirements in Fedora Directory for this 
particular case (LDAP client that uses a server certificate)?  Like, say 
some tweaks in nss.conf?


-- 
Best Regards,
    Aleksander Adamowski
        GG#: 274614
        ICQ UIN: 19780575 
	http://olo.org.pl

--
Aleksander Adamowski
    Administrator system?w korporacyjnych; Instruktor
    Altkom Akademia S.A. http://www.altkom.pl
    Warszawa, ul. Ch?odna 51
    tel. brak
    kom. +48 601-318-080

S?d Rejonowy dla m.st. Warszawy w Warszawie, XII Wydzia? Gospodarczy Krajowego Rejestru S?dowego,
KRS: 0000120139, NIP 118-00-08-391, Kapita? zak?adowy: 1000 000 PLN.  Adres rejestrowy Firmy - ul. Stawki 2, 00-193 Warszawa.
Niniejsza wiadomo?? zawiera informacje zastrze?one i stanowi?ce tajemnic? przedsi?biorstwa firmy Altkom Akademia S.A.
Ujawnianie tych informacji osobom trzecim lub nieuprawnione wykorzystanie ich do w?asnych cel?w jest zabronione.
Je?eli otrzymali?cie Pa?stwo niniejsz? wiadomo?? omy?kowo, prosimy o niezw?oczne skontaktowanie si? z nadawc? oraz usuni?cie wszelkich kopii niniejszej wiadomo?ci.
This message contains proprietary information and trade secrets of Altkom Akademia S.A. company.
Unauthorized use or disclosure of this information to any third party is prohibited.
If you received this message by mistake, please contact the sender immediately and delete all copies of this message.
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux