Re: Re: ldap and tls

2009-04-01 Thread Predrag Gavrilovic
Check this discussion: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462588. It seems that gnutls has a different way of specifying ciphers to use. Also there is a mention of CN not matching FQDN in certificate. I was always happy just setting minssf value in slapd.conf.
gp
On Tue, Mar 31, 2009

Re: Re: ldap and tls

2009-03-31 Thread Alex Samad
On Tue, Mar 31, 2009 at 01:38:29PM -0700, Maria McKinley wrote:
> Predrag Gavrilovic wrote:
> [snip]
> > Try stopping slapd, put certificate information in config file, and
> > start slapd manually with debugging "slapd -u openldap -g openldap -h
> > ldapi:/// -d255". Are there more indicative err

Re: Re: ldap and tls

2009-03-31 Thread Maria McKinley
Predrag Gavrilovic wrote:
Thanks for the troubleshooting hints, comments in line.
Predrag Gavrilovic wrote:
> Are you sure that problem is not related to something as simple as file
> permissions on private key for server certificate? Because that is
> only the last time when I had problems with op

Re: ldap and tls

2009-03-28 Thread Predrag Gavrilovic
Are you sure that problem is not related to something as simple as file permissions on private key for server certificate? Because that is only the last time when I had problems with openldap and certificates. gnutls doesn't support TLS_CACERTDIR option, that is setting TLSCACertificatePath in slapd.co

ldap and tls

2009-03-26 Thread Maria McKinley
I have been trying to get ldap to work with tls for a while, and have been having a hard time. When I have the certificate info in slapd.conf, slapd refuses to start, giving me the error:
main: TLS init def ctx failed: -1
With the certificate lines commented out, slapd starts with no problem,