Hi,

I am trying to configure the Password Policy for my users and read that you would not be able to use the Policy unless you set up SSL/TLS.

I am using 389 Server version 1.2.2. Also, I am running the Server on Fedora 11 64-bit. All clients are also Fedora 11 64-bit.

I followed the instructions in setting up SSL here at http://directory.fedoraproject.org/wiki/Howto:SSL

I ran the setupssl2.sh script and it completed with no errors. In the 389 Admin Console I could see the certificates for both the Admin Server and DS Server in the Manage Certificates screens.

Also, I do not want to use SSL for the Admin Server or the Admin Console.  I just want to be able to use it for user authentication so the Password Policy works.

Bottom line is that I cannot get both features (Password Policies and SSL) working.  Any help would be greatly appreciated.

Up to this point here are my questions:

1) In the Directory Server GUI from the 389 Admin Console, what certificate do I use to populate the Certificate field in the Encryption Tab?

2) In the Client Authentication Block in the same Encryption Tab as #1 above, I have selected "Require client authentication". Is this correct?

3) What are the differences between /etc/openldap/ldap.conf and /etc/ldap.conf? What are the client configurations needed to make this work?

4) How do you get the certificate on the client machines? What I did was copy from the server the cacert.asc file that is located in /etc/dirsrv/slapd-hadmina

Thanks and I hope there is someone out there that can help me get this working!

Paul