The most common reason for the ldifsort tool created a BAD record is a duplicate entry.
A BAD record is written to the BAD file, if one is specified (-b option), alongside the reason it is considered BAD, which can be one of the following:
The following tools can use an SSLD configuration file, using the -Z option:
By default, this file is named dxldap.conf. If your file has a different name, you can specify this in the -Z option.
The configuration file contains two lines, as follows:
Specifies the file that contains certificates for all of the Certificate Authorities the client will recognize.
This must be an absolute reference to a full path, without environment variables. Do not enclose the file path in quotation marks.
(Optional) Specifies the check to perform on server certificates in a TLS session, if any:
If this line is missing, the system uses TLS_REQCERT demand.
Example: dxldap.conf file on Windows
In this example, the second line specifies the TLS_REQCERT setting.
TLS_CACERT c:\program files\CA\Directory\dxserver\config\ssld\trusted.pem TLS_REQCERT allow
Example: dxldap.conf file on a UNIX System, Using the Default TLS_REQECRT Setting
In this example, the TLS_REQCERT setting is not specified, which means that the default value of demand will be used:
TLS_CACERT /opt/CA/Directory/dxserver/config/ssld/trusted.pem
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |