On Fri, Feb 01, 2008 at 02:05:58PM +0100, Niccolo Rigacci wrote:
> However this is strange because LDAP.CONF(5) states that
> TLS_REQCERT "allow" means:
>
>   The server certificate is requested. If no certificate is
>   provided, the session proceeds normally. If a bad certificate
>   is provided, it will be ignored and the session proceeds normally.
>
> But the session does not proceed normally, even if I add
> a subjectAltName into the certificate.

What client are you using? If you use ldapsearch -ZZ, for instance, this
overrides the TLS_REQCERT value in /etc/ldap/ldap.conf.

Do you have a TLSVerifyClient value set in /etc/ldap/slapd.conf? There is a
bug in 2.4.7 that results in the server requiring client certificates by
default for all TLS/SSL connections.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/