On Wed, 2010-10-06 at 09:49 -0400, Scott Robbins wrote:
On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap file's entry for SLAPD_LDAPS and restart the ldap service on the server?
This setting was indeed set to no.
I changed the setting to yes and restarted the service, but it did not change anything.
About the only other thing I can think of is an issue I ran into on later versions of Fedora. Now, /etc/openldap/ldap.conf needs TLS_REQCERT allow, but I think that's a Fedora thing. (On the other hand, we're only using CentOS as a server, not a client.)
----
TLS_REQCERT allow is not a Fedora thing but rather typically necessary when you use a self-signed cert because there is no chain to a recognized CA. Thus any client, whether Fedora, Ubuntu or CentOS, might very well need that configuration.
Craig
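
An added example, not part of the thread: a small Python check that reads a client `ldap.conf` and reports `TLS_REQCERT` levels weaker than the default `demand`, and whether the file names a CA file or directory (`TLS_CACERT` / `TLS_CACERTDIR`) that a self-signed server certificate could be validated against. The host name, file path and both sample configurations are constructed for illustration.

```python
# Added example: audit an OpenLDAP client ldap.conf for certificate checking.
# Levels per ldap.conf(5): never, allow, try, demand/hard (default: demand).
WEAK_LEVELS = {
    "never": "the server certificate is not requested or checked",
    "allow": "a bad server certificate is ignored and the session proceeds",
    "try": "the session proceeds if the server provides no certificate",
}

# Constructed sample: the client setting discussed in the thread.
WEAK_CONF = """\
URI ldaps://ldap.example.com
BASE dc=example,dc=com
TLS_REQCERT allow
"""

# Constructed sample: the self-signed certificate is named as the trust
# anchor, so full checking can stay on (the path is an assumption).
STRICT_CONF = """\
URI ldaps://ldap.example.com
BASE dc=example,dc=com
TLS_CACERT /etc/openldap/cacerts/ldap-server.pem
TLS_REQCERT demand
"""

def audit_ldap_conf(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings = []
    has_trust_anchor = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        parts = line.split(None, 1)
        option = parts[0].upper()  # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if option == "TLS_REQCERT" and value.lower() in WEAK_LEVELS:
            level = value.lower()
            findings.append((lineno, f"TLS_REQCERT {level}: {WEAK_LEVELS[level]}"))
        elif option in ("TLS_CACERT", "TLS_CACERTDIR") and value:
            has_trust_anchor = True
    if not has_trust_anchor:
        findings.append((0, "no TLS_CACERT/TLS_CACERTDIR set in this file"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("strict", STRICT_CONF)):
        print(name, audit_ldap_conf(conf))
```
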