If you are using a self-signed certificate, or are having issues with a certificate issued by a Certificate Authority that Mac OS X does not recognize, follow these instructions to allow client connections via SSL.
- Copy your public certificate file to a location of your choice on your Mac OS X startup disk. If you simply created a self-signed certificate, just use that certificate file in place of the Certificate Authority's public certificate.
- While logged in as root, open the file /etc/openldap/ldap.conf in your preferred text editor.
- In that file, add this line:
TLS_CACERT <pathname>
Note: Replace "<pathname>" with the actual pathname of your certificate file. It could look like: TLS_CACERT /Users/certificate_file
- To enable certificate checking, remove the line "TLS_REQCERT never" from /etc/openldap/ldap.conf if it is present.
Note: The default setting in /etc/openldap/ldap.conf for Mac OS X 10.3 disables certificate checking. This is done to support self-signed certificates in the out-of-box state; with that line present the client will accept any server certificate, so it should be removed once TLS_CACERT points at your certificate.
- Restart the computer.
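A script to verify the resulting ldap.conf, as an added example that is not part of the original article: it reports a config as weak if "TLS_REQCERT never" is still present or no TLS_CACERT line exists. It assumes a POSIX sh, the standard one-keyword-per-line syntax of ldap.conf, and a certificate path without spaces; the two sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article). Checks whether an OpenLDAP
# client config enforces server certificate verification as the steps above
# require. Assumes POSIX sh and the stock ldap.conf "KEYWORD value" syntax.

# Print the non-comment lines of a config file.
config_lines() {
    grep -v '^[[:space:]]*#' "$1"
}

# check_ldap_tls_config <path-to-ldap.conf>
# Returns 0 if TLS_CACERT is set and no "TLS_REQCERT never" remains; 1 otherwise.
check_ldap_tls_config() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    status=0
    # Keywords are case-insensitive in ldap.conf, hence grep -i.
    if config_lines "$conf" | grep -iq '^[[:space:]]*TLS_REQCERT[[:space:]][[:space:]]*never'; then
        echo "WEAK: 'TLS_REQCERT never' disables certificate checking in $conf" >&2
        status=1
    fi
    # Last TLS_CACERT line wins; second field is the pathname (no spaces assumed).
    cacert=$(config_lines "$conf" | grep -i '^[[:space:]]*TLS_CACERT[[:space:]]' | awk '{print $2}' | tail -n 1)
    if [ -z "$cacert" ]; then
        echo "WEAK: no TLS_CACERT line in $conf" >&2
        status=1
    elif [ ! -r "$cacert" ]; then
        echo "WARN: TLS_CACERT in $conf points to unreadable file $cacert" >&2
    fi
    return $status
}

# write_sample_configs <dir>: constructed sample files, one weak (the 10.3
# out-of-box state) and one hardened as described in the steps above.
write_sample_configs() {
    dir="$1"
    : > "$dir/ca.pem"                       # stand-in for the certificate file
    printf '# out-of-box\nTLS_REQCERT never\n' > "$dir/weak.conf"
    printf '# hardened\nTLS_CACERT %s\n' "$dir/ca.pem" > "$dir/hardened.conf"
}

# Demonstration: run both samples through the check.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for f in "$demo_dir/weak.conf" "$demo_dir/hardened.conf"; do
    if check_ldap_tls_config "$f"; then echo "OK: $f"; else echo "FAIL: $f"; fi
done
rm -rf "$demo_dir"
```

To audit a real system, call check_ldap_tls_config /etc/openldap/ldap.conf; a non-zero exit means certificate checking is not enforced.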