On Mon, 2004-03-22 at 13:48, Tony Earnshaw wrote:
Evo's LDAP client doesn't need a cert and doesn't complain about self-signed certs - not 1.4.x, anyway.
I agree, so I think the problem comes from openLDAP. My slapd.conf is configured that way btw: TLSCertificateFile /usr/share/ssl/certs/server.pem TLSCertificateKeyFile /usr/share/ssl/certs/server.key TLSVerifyClient never TLSCACertificateFile /usr/share/ssl/certs/mycompanyCA.pem TLSCACertificatePath /usr/share/ssl/certs/ And it definitely works with Mozilla / Outlook, so there has to be something to do with evo. Both Mozilla/Outlook knows about our company CA (eg, it is included in their Trusting CA databases), while Evo do not. But then, I don't understand what the "TLSVerifyClient never" option is used for.. Thanks for the help. Regards;
--Tonni
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin kelkoo com
GPG key: 1024D/3BFE3FC7 2002-02-07
"Those who desire to give up freedom in order to gain security will not
have, nor do they deserve, either one."
-- President Thomas Jefferson. 1743-1826
Attachment:
signature.asc
Description: This is a digitally signed message part