I create two new certificate for different LDAP Server, one customer and one
provider.
run slapd -d 127 "ldaps://" in CLI
they could verify each other, but I could not use ldapmodify to import data
yet, error info is the same.
gtalk:freeespe...@gmail.com
On Fri, Jul 2, 2010 at 2:37 PM, owen n
if CN must be the fully qualified domain name, so, a specific CA could not
issue two certificate with the same CN if the LDAP Server need act as server
and client contemporary.
how to issue two certificate to make ldap server to act as server and client
contemporary
gtalk:freeespe...@gmail.com
The CN should be the fully qualified domain name, aka if my server is
ldap.domain.com, the CN must match ldap.domain.com, and you must connect to the
server using ldap://ldap.domain.com. It is the cause of most TLS issues.
On 02/07/2010, at 2:51 PM, owen nirvana wrote:
> create a new certificat
create a new certificate and key , CN = Administrator, no more verify
failed, but
" ldap_start_tls : Can't Contact LDAP Server(-1)" is repoerted yet, no
addition info
gtalk:freeespe...@gmail.com
On Fri, Jul 2, 2010 at 12:47 PM, owen nirvana wrote:
> thanks
>
> about " Your servers CN on the
thanks
about " Your servers CN on the certificate must also match the hostname of
the server."
is it means CN should be username of OS like Administrator, or ldap server
name like "ldap.server"
gtalk:freeespe...@gmail.com
On Fri, Jul 2, 2010 at 11:24 AM, Indexer wrote:
>
> On 02/07/2010, at
On 02/07/2010, at 12:49 PM, owen nirvana wrote:
> I set tls options to use ldaps.
When using TLS you dont need LDAPS, you want to set your systems to
ldap://ldap.server
>
> question 1:
> port 389 is opened yet when I scan the LDAP Server by nmap, but I could not
> connect it with Apache Direc
I set tls options to use ldaps.
question 1:
port 389 is opened yet when I scan the LDAP Server by nmap, but I could not
connect it with Apache Directory Studio v1.5.3.
question 2:
Nmap tell me "server still supports SSLv2", but I set TLSCipherSuite is
HIGH:MEDIUM:-SSLv2
question 3:
I try to im
