--On Tuesday, March 13, 2012 11:03 AM -0700 Peter Wood
<[email protected]> wrote:
On Mon, Mar 12, 2012 at 9:41 PM, Quanah Gibson-Mount <[email protected]>
wrote:
--On Monday, March 12, 2012 6:52 PM -0700 Peter Wood
<[email protected]> wrote:
Hi,
I setup openldap-2.4.23 server
Why? I'd suggest you start with the current release, 2.4.30. You may
also want to look at <http://www.openldap.org/its/index.cgi/?findid=7197>
That's the openldap version in centos6.2 repo. In production I try to
stick with stock versions.
Also I tried all variations of olcTLSVerifyClient: [demand|hard|true]
with the same result.
I don't think StartTLS is enabled. I'm wondering if just
setting olcTLSCACertificateFile, olcTLSCertificateFile
and olcTLSCertificateKeyFile is enough to get StartTLS enabled.
It's very frustrating. I'd hate to go to ldaps just because I can't get
StartTLS working.
Is there anything else I have to set on the server to get StartTLS
working?
How are you testing to see if it or is not working? Just run ldapsearch -x
-ZZ -H ldap://<hostname>
to force startTLS
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
