LDAP auth hits SSL snag
Authored by: Willfon on Sep 04, '02 08:39:26AM
We have been trying to get our Jaguar Macs to authenticate using SSL encrypted LDAP connections to our OpenLDAP v2.1.3 Linux computer. As long as the SSL is switched off things work smoothly. The moment we turn SSL encryption on everything stops. For quite some time as well, since timeout is set to a default 120 seconds. I have tried to get help for this on several mailing lists, but have yet to find a fix to this problem.


The error log from the server is here (folk.uio.no) for the interested. We have now sent a question about this to ADC.



It works here...
Authored by: mefoster on Dec 11, '02 06:55:59AM

I have LDAP/SSL authentication working against our openldap servers.

Initially I ran into all of the problems that you have but eventually figured out that the LDAP client needs to be able to verify the server cert (we sign our own).

The solution is to put a copy of the CAcert that signed the server cert somewhere on the client. /System/Library/OpenSSL/certs will do.

Then you need to tell the client where to find it.
Edit /etc/openldap/ldap.conf and add the line:

TLS_CACERT /System/Library/OpenSSL/certs/<cacertfile>

where <cacertfile> is the name of the file you copied.

Now... if only I could get it to work with TLS on port 389...

Mark



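As an added example (not code from either poster), a small Python check of a client ldap.conf for the CA-trust setting Mark describes: it fails a config that has no TLS_CACERT, points TLS_CACERT at a missing or non-PEM file, or turns verification off. The TLS_REQCERT directive (from the OpenLDAP ldap.conf(5) manual, not mentioned in the post), the ldap.example.org host and the placeholder certificate body are assumptions.

```python
"""Check an OpenLDAP client ldap.conf for the CA-trust settings discussed above."""
import os
import tempfile

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def parse_ldap_conf(text):
    """Return {DIRECTIVE: value} for the non-comment lines of an ldap.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # directive, then the rest of the line as its value
        conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check_ldap_conf(text):
    """Return a list of findings; an empty list means the client can verify the server cert."""
    conf = parse_ldap_conf(text)
    findings = []
    cacert = conf.get("TLS_CACERT")
    if cacert is None:
        findings.append("TLS_CACERT missing: client cannot verify a self-signed server cert")
    elif not os.path.isfile(cacert):
        findings.append("TLS_CACERT file not found: " + cacert)
    else:
        with open(cacert) as fh:
            if PEM_HEADER not in fh.read():
                findings.append("TLS_CACERT is not a PEM certificate: " + cacert)
    # TLS_REQCERT (assumed directive; default is 'demand'): never/allow skip verification,
    # so the connection "works" without the CA cert but the server is never authenticated.
    if conf.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT disables server cert verification; use 'demand'")
    return findings


def demo():
    """Compare a weak config (verification off, no CA) with the fixed one from the post."""
    # Constructed CA file: a placeholder PEM body, not a real certificate.
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write(PEM_HEADER + "\nPLACEHOLDER-CA-BODY\n-----END CERTIFICATE-----\n")
        ca_path = fh.name
    weak = "URI ldaps://ldap.example.org\nTLS_REQCERT never\n"
    fixed = "URI ldaps://ldap.example.org\nTLS_CACERT " + ca_path + "\n"
    return check_ldap_conf(weak), check_ldap_conf(fixed)


if __name__ == "__main__":
    print(demo())
```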