On Mon, Mar 12, 2012 at 9:41 PM, Quanah Gibson-Mount <[email protected]> wrote:

> --On Monday, March 12, 2012 6:52 PM -0700 Peter Wood <
> [email protected]> wrote:
>
>  Hi,
>>
>>
>> I set up an openldap-2.4.23 server
>>
>
> Why?  I'd suggest you start with the current release, 2.4.30.  You may
> also want to look at
> <http://www.openldap.org/its/index.cgi/?findid=7197>
>
>
That's the OpenLDAP version in the CentOS 6.2 repo. In production I try to stick
with stock versions.

Also I tried all variations of olcTLSVerifyClient: [demand|hard|true] with
the same result.

I don't think StartTLS is enabled. I'm wondering if just setting
olcTLSCACertificateFile, olcTLSCertificateFile and olcTLSCertificateKeyFile
is enough to get StartTLS enabled.

It's very frustrating. I'd hate to go to ldaps just because I can't get
StartTLS working.

Is there anything else I have to set on the server to get StartTLS working?

Thanks
Peter
