Re: [Evolution] evolution 1.4.5 + LDAP + TLS problem



Mon, 22.03.2004 at 15.58, Vincent Jaussaud wrote:

Evo's LDAP client doesn't need a cert and doesn't complain about
self-signed certs - not 1.4.x, anyway.

I agree, so I think the problem comes from openLDAP.

My slapd.conf is configured that way btw:
TLSCertificateFile /usr/share/ssl/certs/server.pem
TLSCertificateKeyFile /usr/share/ssl/certs/server.key
TLSVerifyClient never
TLSCACertificateFile    /usr/share/ssl/certs/mycompanyCA.pem
TLSCACertificatePath /usr/share/ssl/certs/

TLSCACertificatePath should not be given without prior, very good doc
reading.

And it definitely works with Mozilla / Outlook, so there has to be
something to do with evo.

As I wrote, my Evo is 1.4.5, Openldap is 2.2.6. But it's also worked
with earlier versions of both, though earlier Evo than 1.4.5 (last was
1.2.x) was *horrible* and gave all sorts of problems.

Both Mozilla/Outlook know about our company CA (e.g., it is included in
their Trusting CA databases), while Evo does not.

O.k.

But then, I don't understand what the "TLSVerifyClient never" option is
used for..

It isn't, unless you're using Openldap's SASL external. Just forget it
:)

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl



