Dear Colleagues,

I have two different LDAP servers out of my control. One of them moved to certs from LetsEncrypt, the other is still using certs from our company CA. In the past both of them used our company CA and I had the full chain of the CA defined with the option "ldap_ca_cert_file = myCAchain.pem" and I also set "ldap_require_cert = hard".

With the one LDAP server starting to use LetsEncrypt certs I ran into trouble. Filling the file myCAchain.pem with the LE chain satisfies the one LDAP query but breaks the other one. So I filled the ldap_ca_cert_file = myCAchain.pem with *both* CA chains and this seems to work.

My question is whether this is the intended way to resolve this issue?

The docs say:

  This option indicates which file contains CA certificates for verifying a TLS certificate presented by an LDAP server

In the past I thought that this file can hold only *one* CA chain.

Regards,
Olaf

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Dipl.-Geophys. Olaf Hopp
Zirkel 2
Building 20.21, Room 316
76131 Karlsruhe
Phone: +49 721 608-48009
E-Mail: olaf.h...@kit.edu
Web: www.scc.kit.edu
Registered office: Kaiserstraße 12, 76131 Karlsruhe
KIT - The Research University in the Helmholtz Association
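The behaviour asked about above can be checked outside Exim with the openssl CLI. This is an added example, not part of the original post: it builds two throwaway self-signed CAs (constructed stand-ins for the company CA and the LetsEncrypt chain, all names hypothetical), issues one server certificate from each, and compares single-CA files with a concatenated myCAchain.pem. It assumes openssl is installed and does not run Exim or an LDAP client.

```shell
#!/bin/sh
# Added example: does one PEM file with several CA certificates act as a
# trust store for servers issued by different CAs?
# All CAs, keys and certificates are constructed, valid for one day.
set -eu

make_ca() {    # $1 = CA name; writes $1.key and a self-signed $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = server name, $2 = issuing CA name; writes $1.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

verifies() {   # $1 = CA file, $2 = server cert; status 0 if the chain validates
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
cd "$work"

make_ca company-ca              # stand-in for the company CA chain
make_ca public-ca               # stand-in for the LetsEncrypt chain
make_leaf ldap-a company-ca     # server still on the company CA
make_leaf ldap-b public-ca      # server that moved to the public CA

# The combined file is plain concatenation of the PEM blocks.
cat company-ca.pem public-ca.pem > myCAchain.pem

for leaf in ldap-a ldap-b; do
    for cafile in company-ca.pem public-ca.pem myCAchain.pem; do
        if verifies "$cafile" "$leaf.pem"; then r=ok; else r=FAIL; fi
        echo "$leaf verified against $cafile: $r"
    done
done
```

With real chains, the same check is `openssl verify -CAfile myCAchain.pem` against each server's certificate, supplying any intermediates the server sends with `-untrusted`.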