Re: [users@httpd] ldaps auth

On Tue, Sep 20, 2005 at 08:52:44AM -0500, Craig L. Ching wrote:
> Hold on Dmitriy, I was out of town last week and some kind soul responded to a message I'd put out a couple of weeks ago.  Here it is, I'm going to take his advice and I'll let you know how it goes:

Thanks.

> > Is OpenLDAP expected to have ldap_ssl.h?  Or is ldap_start_tls_s 
> > support enough?  I'm a bit clueless about the difference between SSL 
> > and TLS, I just need to get a secure connection to Novell e-directory.  

The difference between SSL and TLS is very small. When you use SSL, you have an SSL connection on a specific SSL port and, after that, use plain HTTP, or POP3, or IMAP4, ... over this tunnel. When you use TLS, you connect to the standard port for the same service, then send the STARTTLS command, and after that use an SSL connection on the standard service port.

> These files are used in the Sun LDAPSDK. The message in the logfile is misleading. OpenLDAP supports SSL but this message indicates that you have not set the LDAPTrustedCA and LDAPTrustedCAType directives.

Possible.
But it is not my case.
The certificate is fine:
$ sudo openssl verify -CAfile /usr/local/etc/ssl/cacert.pem -verbose /usr/local/etc/openldap/ssl/slapd-free2.mow.crt 
/usr/local/etc/openldap/ssl/slapd-free2.mow.crt: OK

And, as I wrote previously, I get the error message when Apache starts, WITHOUT an LDAP connection (I watched tcpdump at that moment).

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:DmitriyKirhlarov@xxxxxxxxxxxx
OILspace - The resource enriched - www.oilspace.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


