On Fri, Feb 14, 2003 at 10:36:13AM -0500, Stephen Frost wrote:
> > some support for TLS connections, but slapd accepts connection
> > even if client's cert. cannot be verified by ca's cert. Versions
> > 2.1.x work correctly from this point of view with the same configuration
> > which was tested on openldap-2.0.27 from Sid branch.
>
> That's correct, that was a change in the openldap source code itself I
> believe. The Debian OpenLDAP 2.1 packages will also verify by default
> (though I believe there's an option in 2.1 to turn it off).

Hmm, interesting. The documentation of slapd in 2.1 states this:

    TLSVerifyClient <level>
        Specifies what checks to perform on client certificates in an
        incoming TLS session, if any. The <level> can be specified as
        one of the following keywords:

        never  This is the default. slapd will not ask the client for a
               certificate.

        [...]

I have not really used TLS with OpenLDAP for that though. Up to now the
encryption was all I wanted...

Greetings

Torsten