On Fri, Feb 14, 2003 at 10:36:13AM -0500, Stephen Frost wrote:
> > some support for TLS connections, but slapd accepts connection
> > even if client's cert. cannot be verified by ca's cert. Versions
> > 2.1.x works correctly from this point of view with the same configuration
> > which was tested on openldap-2.0.27 from Sid branch.
>
> That's correct, that was a change in the openldap source code itself I
> believe. The Debian OpenLDAP 2.1 packages will also verify by default
> (though I believe there's an option in 2.1 to turn it off).

Hmm, interesting. The documentation of slapd in 2.1 states this:

TLSVerifyClient <level>
       Specifies what checks to perform on client certificates in an
       incoming TLS session, if any. The <level> can be specified as
       one of the following keywords:

       never  This is the default. slapd will not ask the client for
              a certificate.
[...]

I have not really used TLS with OpenLDAP for that though. Up to now the
encryption was all I wanted...

Greetings

Torsten
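Added example, not part of the original message and not OpenLDAP project code: a small check that reads a slapd.conf and reports which TLSVerifyClient level is in effect, falling back to the "never" default quoted above when the directive is absent. The level names other than "never" are taken from slapd.conf(5); the file paths, the sample configurations and the "last directive wins" behaviour are assumptions made for the illustration.

```python
# Added example: report the effective TLSVerifyClient level of a slapd.conf.
# Level names other than "never" come from slapd.conf(5), not from the email.
REQUIRES_VALID_CERT = {"demand", "hard", "true"}   # synonyms in slapd.conf(5)
KNOWN_LEVELS = {"never", "allow", "try"} | REQUIRES_VALID_CERT


def logical_lines(text):
    """Yield logical config lines: '#' comments dropped, continuations joined."""
    current = None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()   # leading whitespace continues the line
            continue
        if current:
            yield current
        current = raw.strip()
    if current:
        yield current


def effective_verify_level(conf_text):
    """Return the level in effect (assumption: the last directive wins)."""
    level = "never"   # default per the 2.1 documentation quoted in the message
    for line in logical_lines(conf_text):
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "tlsverifyclient":
            level = parts[1].lower()
            if level not in KNOWN_LEVELS:
                raise ValueError(f"unknown TLSVerifyClient level: {level}")
    return level


def rejects_unverified_clients(conf_text):
    """True only when a valid client certificate is mandatory."""
    return effective_verify_level(conf_text) in REQUIRES_VALID_CERT


# Constructed sample configurations (paths are placeholders).
ENCRYPTION_ONLY = (
    "TLSCertificateFile /etc/ldap/server.pem\n"
    "TLSCertificateKeyFile /etc/ldap/server.key\n"
)
MUTUAL_TLS = ENCRYPTION_ONLY + (
    "TLSCACertificateFile /etc/ldap/ca.pem\n"
    "# require a certificate that chains to the CA above\n"
    "TLSVerifyClient\n"
    "    demand\n"
)
```

A configuration that only sets the server certificate and key gives encryption without any client authentication, which is the situation described in the message.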