It works here...
Authored by: mefoster on Dec 11, '02 06:55:59AM

I have LDAP/SSL authentication working against our OpenLDAP servers.

Initially I ran into all of the problems that you have but eventually figured out that the LDAP client needs to be able to verify the server cert (we sign our own).

The solution is to put a copy of the CAcert that signed the server cert somewhere on the client. /System/Library/OpenSSL/certs will do.

Then you need to tell the client where to find it.
Edit /etc/openldap/ldap.conf and add the line:

TLS_CACERT /System/Library/OpenSSL/certs/<cacertfile>

where <cacertfile> is the name of the file you copied.

Now... if only I could get it to work with TLS on port 389...

Mark
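
A check for the client-side setup this comment describes, as an added example that is not part of the original post: it reads an ldap.conf, confirms that TLS_CACERT points at a readable PEM file, and flags TLS_REQCERT never/allow, which would skip the verification the CA file is there for. The function names are hypothetical, and the PEM check assumes a client built against OpenSSL.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenLDAP client
# config for the TLS_CACERT setup described above.
# Function names are hypothetical; the config path is supplied by the caller.

# Print the value of a directive. Keywords are matched case-insensitively,
# comment lines are skipped, and the last occurrence is taken (assumption:
# later lines override earlier ones).
ldap_conf_get() {
    # $1 = config file, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the keyword
            sub(/[ \t]+$/, "", line)                # drop trailing blanks
            val = line
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 only if the config names a readable PEM CA file and does not
# switch server certificate verification off.
check_ldap_tls_conf() {
    conf=$1
    rc=0
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT)

    if [ -z "$cacert" ]; then
        echo "FAIL: no TLS_CACERT line in $conf"; rc=1
    elif [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT file not readable: $cacert"; rc=1
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "FAIL: $cacert is not a PEM certificate"; rc=1
    else
        echo "OK: TLS_CACERT -> $cacert"
    fi

    # never/allow let the session proceed even when the server cert is bad.
    case $(printf '%s' "$reqcert" | tr '[:upper:]' '[:lower:]') in
        never|allow) echo "FAIL: TLS_REQCERT $reqcert disables verification"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh check_ldap_tls.sh /etc/openldap/ldap.conf
if [ "$#" -gt 0 ]; then check_ldap_tls_conf "$1"; fi
```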


