2016-08-06 20:03 GMT+03:00 Ryan Tandy :
> On Sat, Aug 06, 2016 at 07:14:37PM +0300, Matwey V. Kornilov wrote:
>>
>> After inspecting source code I've just found that TLS_KEY and TLS_CERT
>> are ignored if located in /etc/openldap/ldap.conf.
>> Why is it not written in man
On Sat, Aug 06, 2016 at 07:14:37PM +0300, Matwey V. Kornilov wrote:
> After inspecting source code I've just found that TLS_KEY and TLS_CERT
> are ignored if located in /etc/openldap/ldap.conf.
> Why is it not written in man ldap.conf(5) explicitly?
It is.
TLS_CERT
Specifies
> On Aug 06, 2016, at 12.14, Matwey V. Kornilov wrote:
>
> After inspecting source code I've just found that TLS_KEY and TLS_CERT
> are ignored if located in /etc/openldap/ldap.conf.
> Why is it not written in man ldap.conf(5) explicitly?
from ldap.conf(5):
Matwey V. Kornilov wrote:
> After inspecting source code I've just found that TLS_KEY and TLS_CERT
> are ignored if located in /etc/openldap/ldap.conf.
> Why is it not written in man ldap.conf(5) explicitly?
The ldap.conf(5) manpage says clearly "This is a user-only option."
> I've spent two days
After inspecting source code I've just found that TLS_KEY and TLS_CERT
are ignored if located in /etc/openldap/ldap.conf.
Why is it not written in man ldap.conf(5) explicitly? I've spent two
days of my precious life to dig it out.
Now it works.
2016-08-06 16:07 GMT+03:00 Matwey V. Kornilov
John Lewis wrote:
> How is this?
>
> olcAccess: {0}to * by
>   dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
>   by * break
> olcAccess: {1}to dn.base="" by * read
> olcAccess: {2}to attrs=userPassword,shadowLastChange by self write by
>   anonymous auth by * none
>
Hello,
I am running openldap 2.4.41 and I've failed to set up client certificate
validation. TLS works well until olcTLSVerifyClient is set to demand.
Then I see
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
on the client side.
And
connection_read(11): TLS accept failure error=-1 id=1021,
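Added example, not code from this thread or from OpenLDAP: a small POSIX shell audit for the mistake the thread turns on. ldap.conf(5) marks TLS_CERT and TLS_KEY as user-only options, so libldap reads them from the per-user file (~/.ldaprc, or the file LDAPRC/LDAPCONF point at) or from the LDAPTLS_CERT/LDAPTLS_KEY environment variables, and ignores them in the system-wide ldap.conf. With olcTLSVerifyClient set to demand, a client whose cert and key are listed only in the system file presents no certificate, the handshake fails, and the client sees "Can't contact LDAP server (-1)" while the server logs a TLS accept failure. The functions take the two file paths as parameters so they can run on constructed sample files; the sample file contents, host names and paths below are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenLDAP): find TLS_CERT/TLS_KEY
# that were put in the system-wide ldap.conf, where libldap ignores them,
# and report whether the client would actually present a certificate.

# List the user-only TLS options set in a file, one name per line.
# Comments are stripped; option names are compared case-insensitively.
user_only_opts_in() {
    sed -e 's/#.*//' "$1" 2>/dev/null \
        | awk 'toupper($1) == "TLS_CERT" || toupper($1) == "TLS_KEY" { print toupper($1) }' \
        | sort -u
}

# $1 = system-wide ldap.conf, $2 = per-user ldaprc (may not exist).
# Returns 0 when libldap would present both a client cert and a key,
# 1 otherwise. Warns on stderr about user-only options in the system file.
client_cert_configured() {
    sys=$1
    usr=$2
    misplaced=$(user_only_opts_in "$sys" | tr '\n' ' ')
    if [ -n "$misplaced" ]; then
        echo "warning: ${misplaced}in $sys are user-only options and are ignored" >&2
    fi
    usr_opts=$(user_only_opts_in "$usr")
    have_cert=1
    have_key=1
    # ldap.conf(5): any option may also be given as an environment variable
    # named after the option with an LDAP prefix
    [ -n "${LDAPTLS_CERT:-}" ] && have_cert=0
    [ -n "${LDAPTLS_KEY:-}" ] && have_key=0
    case "$usr_opts" in *TLS_CERT*) have_cert=0 ;; esac
    case "$usr_opts" in *TLS_KEY*) have_key=0 ;; esac
    [ "$have_cert" -eq 0 ] && [ "$have_key" -eq 0 ]
}

# Constructed sample files reproducing the situation in the thread.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/ldap.conf" <<'EOF'
# system-wide /etc/openldap/ldap.conf: TLS_CERT/TLS_KEY here are ignored
URI        ldaps://ldap.example.org
BASE       dc=example,dc=org
TLS_CACERT /etc/openldap/certs/ca.pem
TLS_CERT   /etc/openldap/certs/client.pem
TLS_KEY    /etc/openldap/certs/client.key
EOF
    cat > "$dir/ldaprc" <<'EOF'
# per-user ~/.ldaprc: this is where libldap reads the client cert and key
TLS_CERT /home/user/.ldap/client.pem
TLS_KEY  /home/user/.ldap/client.key
EOF
    if client_cert_configured "$dir/ldap.conf" "$dir/missing"; then
        echo "system file only: client cert configured"
    else
        echo "system file only: no client cert; under olcTLSVerifyClient demand expect 'Can't contact LDAP server (-1)'"
    fi
    if client_cert_configured "$dir/ldap.conf" "$dir/ldaprc"; then
        echo "with ~/.ldaprc: client cert configured"
    fi
    rm -rf "$dir"
}

demo
```

To confirm against a live server, run something like `ldapwhoami -x -H ldaps://ldap.example.org` from the account whose ~/.ldaprc holds TLS_CERT and TLS_KEY (or with LDAPTLS_CERT and LDAPTLS_KEY exported); the server side also needs an olcTLSCACertificateFile that can verify the client certificate, or demand will still reject the handshake.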
On 08/05/2016 09:08 AM, Frank Swasey wrote:
> Today at 8:10am, John Lewis wrote:
>
>> olcAccess: {0}to * by
>>   dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
>>   by * break
>> olcAccess: {1}to dn.base="" by * read
>> olcAccess: {2}to * by * read
>> olcAccess: {3}to