My thinking is that this somehow has something to do with the TLS_CACERT
in /etc/openldap/ldap.conf (the certificate for the client).
In general most folk don't need client certs, but AFAIK the openldap
ldapsearch
_requires_ that you present a client cert.
Would this be the issue?
Probably yes. Shouldn't you be using a user-specific ldap.conf for your
client-side config ?
Is there a better method for creating the client certificate from either
the CA certificate (generated by openssl) or from the FDS Server
Certificate (also generated by openssl)?
Provided the client cert was signed by the same CA as the server cert,
you should be ok. The client cert has no relationship per se with the
server cert.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
