That makes sense as I am using the self-signed method described in section 4.1. The problem I have is I am on Fedora Core 4 and there is no CA.sh script as described in section 4.2, which I imagine would make things happy. I assume there is a manual way to do this without the script. If anyone has a link to a HowTo to set up a CA in Fedora without the CA.sh script, I would be most appreciative. In the meantime, it is off to Google.
Thanks!

________________________________________
Chip Burke

-----Original Message-----
From: Jon Roberts [mailto:[EMAIL PROTECTED]
Sent: Friday, February 03, 2006 2:01 PM
Cc: Chip Burke; [email protected]
Subject: Re: TLS fails

Aaron Richton wrote:
> Sounds like you're on the right track with the server. But I see no note
> of using ldap.conf or .ldaprc to set TLS_CACERT directive for your client.
> See ldap.conf(5).

For a local CA, you will also want the line:

    TLSCACertificateFile /path/to/your/cacert.pem

in your slapd.conf file. The error message you are getting indicates that you are not finding the CA for verification.

Jon Roberts
www.mentata.com
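A manual equivalent of the CA.sh steps using plain openssl commands, added here as an example and not part of the original thread. The function names, file names, subject names, key size and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: build a local CA and a CA-signed server certificate by hand.
# Function names, file names and subject fields are assumptions for illustration.

make_ldap_ca() {
    dir=$1      # output directory
    host=$2     # FQDN that LDAP clients use to reach the server
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # private keys are created readable by the owner only
        # 1. CA private key and self-signed CA certificate
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/O=Example Local CA/CN=Example LDAP CA" \
            -keyout cakey.pem -out cacert.pem || exit 1
        # 2. Server key and signing request; the CN must match the host name
        openssl req -newkey rsa:2048 -nodes \
            -subj "/O=Example/CN=$host" \
            -keyout serverkey.pem -out server.csr || exit 1
        # 3. Sign the request with the CA key
        openssl x509 -req -in server.csr -CA cacert.pem -CAkey cakey.pem \
            -CAcreateserial -days 365 -out servercrt.pem || exit 1
        chmod 644 cacert.pem servercrt.pem   # certificates are public
    )
}

# Succeeds only if the certificate chains to the given CA file. A failure
# here is the same "CA not found for verification" condition as in the thread.
verify_with_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage (paths are assumptions):
#   make_ldap_ca /etc/openldap/certs ldap.example.com
# slapd.conf:  TLSCACertificateFile  /etc/openldap/certs/cacert.pem
#              TLSCertificateFile    /etc/openldap/certs/servercrt.pem
#              TLSCertificateKeyFile /etc/openldap/certs/serverkey.pem
# ldap.conf:   TLS_CACERT /etc/openldap/certs/cacert.pem
```

Only cacert.pem needs to be copied to clients; cakey.pem stays on the machine that signs certificates.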
