Dear Colleagues,
I have two different LDAP servers out of my control.
One of them moved to certs from LetsEncrypt, the other is still
using certs from our company CA.
In the past both of them used our company CA and I had the full chain
of the CA defined with option "ldap_ca_cert_file = myCAchain.pem"
and I also set "ldap_require_cert = hard"
With the one LDAP server starting to use LetsEncrypt certs I ran into trouble.
Filling the file myCAchain.pem with the LE-Chain satisfies the one LDAP query
but breaks the other one.
So I filled the ldap_ca_cert_file = myCAchain.pem
with *both* CA-Chains and this seems to work.
My question is whether this is the intended way to resolve this issue?
The docs say:
This option indicates which file contains CA certificates for verifying a TLS certificate presented by an LDAP server
In the past I thought that this file can hold only *one* CA chain.
Regards, Olaf
--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Dipl.-Geophys. Olaf Hopp
Zirkel 2
Building 20.21, Room 316
76131 Karlsruhe
Phone: +49 721 608-48009
E-Mail: Olaf.Hopp@???
Web:
www.scc.kit.edu
Registered office:
Kaiserstraße 12, 76131 Karlsruhe
KIT - The Research University in the Helmholtz Association
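The situation described in the message above can be reproduced offline with the `openssl` command-line tool. This is an added example, not part of the original post and not Exim's own code: two throwaway CAs stand in for the company CA and the Let's Encrypt chain, all host and file names are made up, and it assumes the TLS library behind the LDAP lookup reads its CA file the way `openssl verify -CAfile` does.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated here.
set -eu
dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT

# Minimal config so the self-signed certificates are marked as CAs.
cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_pki NAME HOST: create CA "NAME" and a server certificate for HOST signed by it.
make_pki() {
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo CA $1" -keyout "$dir/$1-ca.key" -out "$dir/$1-ca.pem" 2>/dev/null
  openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$dir/$1-srv.key" -out "$dir/$1-srv.csr" 2>/dev/null
  openssl x509 -req -in "$dir/$1-srv.csr" -CA "$dir/$1-ca.pem" \
    -CAkey "$dir/$1-ca.key" -CAcreateserial -days 1 \
    -out "$dir/$1-srv.pem" 2>/dev/null
}

make_pki company ldap1.example
make_pki public ldap2.example

# The combined file is simply the PEM blocks of both CAs, one after the other.
cat "$dir/company-ca.pem" "$dir/public-ca.pem" > "$dir/both.pem"

# verifies CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# count_certs FILE: number of PEM certificate blocks in FILE.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

for ca in company-ca public-ca both; do
  for srv in company-srv public-srv; do
    if verifies "$dir/$ca.pem" "$dir/$srv.pem"; then r=ok; else r=FAIL; fi
    echo "$ca.pem ($(count_certs "$dir/$ca.pem") CA cert(s)) -> $srv.pem: $r"
  done
done
```

Every CA in such a file is trusted for every server checked against it, so a certificate issued by either CA will pass chain validation for either LDAP host; the host name check is what still ties a certificate to a particular server.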