> I have to use self-signed SSL certificates, since the servers are located in
> intranet, they have no 'real' domain names.

Names in certificates used in connection do not need to take part in "authentication". Study the difference between authentication and authorization.

>
> The problem is I can't figure out how to specify ldap.conf SSL parameters so
> that they could
> - verify LDAP server certificate
> - be used with both primary and secondary LDAP servers
>
> Also, I'd prefer to use TLS - how do I run slapd so that it provided TLS-aware
> connection on the standard port? Is it possible to set up slapd so that TLS be
> optional (for testing/transition purposes).

To set up slapd with SSL (ldaps), add the ldaps:/// argument to it.

>
> I would greatly appreciate references to the relevant docs on these.

Answers to your questions are in the man ldap.conf and man slapd manual pages.

Regards,
DT

--
http://dtpw.pl/mywork
http://dtpw.pl/buell [ 25th anniversary of Buell - American Motorcycles ]
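
The setup asked about in this thread, as an added configuration example that is not part of the original message. Host names and file paths are constructed placeholders; the directives are those documented in ldap.conf(5), slapd.conf(5) and slapd(8).

```conf
# ---- Client side: ldap.conf (path varies by distribution) ----
# Primary and secondary server; libldap tries the URIs in order.
URI         ldap://ldap1.intranet.example ldap://ldap2.intranet.example

# One PEM file holding BOTH self-signed server certificates, concatenated.
# A self-signed certificate is its own issuer, so it is trusted by listing
# it here. Constructed path.
TLS_CACERT  /etc/openldap/certs/intranet-ldap-bundle.pem

# Refuse the session if the server certificate cannot be verified.
# "demand" is the default; it is written out so nobody weakens it by accident.
# With it, the client also compares the host name in the URI against the
# name in the certificate, so issue each certificate for the name used above.
TLS_REQCERT demand

# Setting to avoid outside a throwaway test: it turns verification off and
# leaves the connection encrypted but unauthenticated.
# TLS_REQCERT never

# ---- Server side: slapd.conf on ldap1 (constructed paths) ----
TLSCertificateFile     /etc/openldap/certs/ldap1.pem
TLSCertificateKeyFile  /etc/openldap/certs/ldap1.key

# With a certificate configured, StartTLS is available on the standard
# port (389) and stays optional for clients until it is enforced.
# After the transition, require TLS for every operation:
# security tls=1

# ---- Starting slapd with both listeners ----
# ldap:///  -> port 389, plain or StartTLS
# ldaps:/// -> port 636, TLS from the first byte
#   slapd -h "ldap:/// ldaps:///"

# ---- Client check that fails unless StartTLS and verification succeed ----
#   ldapsearch -ZZ -x -H ldap://ldap1.intranet.example -b "" -s base
```

The `-ZZ` flag makes the client abort when StartTLS cannot be negotiated, which gives a quick test that the certificate bundle is accepted by each server in turn.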
