Alex Samad wrote:
Hi
I am trying to build a network of ldap nodes sync with syncrepl using x509
certificates.
I ran into a problem when I setup the first slace node, I create a certificate
that did not have SSL Client purpose, but did have SSL Server purpose - I am
presuming it is this, because 2 certificates made exactly the same way, 1 fails
- the non SSL Client and the other works the one that has the SSL Client
purpose.
I am presuming that I need both purposes SSL Server and SSL Client - the former
to allow ldaps usage and the later for making ldap request and being a client
in a syncrepl scenario.
Is there
a) a way to specify another certificate to use in the syncrepl config
In OpenLDAP 2.4, yes. Read the manpage.
b) a way to not check for the SSL Client purpose in the certificate
That's a function of the SSL library; I would guess not.
For now I am going to create on that has both purposes ...
Alex
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
