Hi,
On Tue, Aug 18, 2009 at 12:50, Eric B. <ebenze@hotmail.com> wrote:
> Any suggestions / ideas?
I believe you have to copy the certificate to /etc/openldap/cacerts/ in the LDAP client. The certificate file name there is special, it should be hashed from the certificate data... I believe the easiest way to install it there is using the "authconfig" command and specifying the certificate URL.
You should also have TLS_CACERTDIR /etc/openldap/cacerts in /etc/openldap/ldap.conf (not only /etc/ldap.conf; they are different!)
I also did not have much luck with self-signed certificates with LDAP; I had to create a self-signed certificate for a "dummy" CA, and then use that certificate to sign a certificate for the LDAP server with the server's name as the cn.
I believe you should be able to test it using "ldapsearch" with the "-Z" and "-ZZ" options in order to require TLS and see if that works. I suggest you first get that part working fine before going on with your libuser configuration...
LDAP with TLS is kind of a pain to set up... but once it is running it really works OK.
HTH, Filipe
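The client-side steps Filipe describes (hashed file name in the cacerts directory, TLS_CACERTDIR, a TLS-only ldapsearch), as an added shell example that is not part of this thread; the cacerts directory, LDAP URI and base DN are assumptions, and the collision handling for two CAs with the same subject hash goes a little beyond what the message says.

```shell
#!/bin/sh
# Install a CA certificate into an OpenLDAP client's TLS_CACERTDIR under the
# hashed file name OpenSSL looks for (<subject-hash>.<n>), then verify that a
# TLS-only bind validates the server certificate against it.
# CACERTDIR, the LDAP URI and the base DN below are assumptions.
set -eu

CACERTDIR="${CACERTDIR:-/etc/openldap/cacerts}"

# Subject-name hash used for the file name. OpenSSL 1.0.0 changed the
# algorithm; a client linked against an older OpenSSL needs the value from
# "openssl x509 -subject_hash_old" instead.
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# Copy PEM file $1 into directory $2 as <hash>.<n>, choosing the first free
# suffix so two CAs that share a subject hash can coexist; an identical copy
# that is already installed is reused. Prints the installed path.
install_cacert() {
    cert="$1"; dir="$2"
    hash=$(cert_hash "$cert")
    n=0
    mkdir -p "$dir"
    while [ -e "$dir/$hash.$n" ]; do
        if [ "$(cat "$cert")" = "$(cat "$dir/$hash.$n")" ]; then
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    cp "$cert" "$dir/$hash.$n"
    chmod 0644 "$dir/$hash.$n"
    echo "$dir/$hash.$n"
}

# -ZZ makes ldapsearch fail instead of falling back to cleartext when
# StartTLS or certificate validation does not succeed.
check_tls() {
    LDAPTLS_CACERTDIR="$CACERTDIR" ldapsearch -x -ZZ -H "$1" -b "$2" -s base
}

if [ "${1:-}" = "--install" ]; then
    install_cacert "$2" "$CACERTDIR"
    check_tls "${3:-ldap://ldap.example.com}" "${4:-dc=example,dc=com}"
fi
```

Run as `sh install-cacert.sh --install ca.pem ldap://your-server dc=your,dc=base`; a failing `check_tls` usually means the server's cn does not match the host name in the URI or the signing CA is not the one installed.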