[Bug 217159] Re: slapd + gnutls fails
Adam Sommer
asommer70 at gmail.com
Tue Apr 15 16:31:54 BST 2008
>
> $ cat /etc/ldap/ldap.conf
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> URI ldaps://127.0.0.1/
> BASE dc=nnn,dc=nnn
> TLS_REQCERT never
>
> $ cat /etc/ldap.conf
> base dc=nnn,dc=nnn
> uri ldaps://127.0.0.1/
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> ssl on
> pam_password exop
> bind_policy soft
> TLS_CACERTFILE /etc/pki/tls/certs/ca.nnn.nnn.crt
> TLS_REQCERT never
>
> Any comments on those? I've also dabbled with the
> nss_initgroups_ignoreusers parameter, but
> don't have any conclusive results on that.
>
>
I copied your config into my /etc/ldap/ldap.conf (changing the base
parameter), and using "TLS_REQCERT allow" worked fine for me. I use "never"
because my LDAP server is using a self-signed cert, and there used to be
issues without setting that option. The server I'm testing with was
upgraded from Dapper to Hardy.
I was just wondering if you are using libnss-ldap? Could it possibly be a
setting in /etc/ldap.conf?
--
Party On,
Adam
** Attachment added: "unnamed"
http://launchpadlibrarian.net/13464423/unnamed
--
slapd + gnutls fails
https://bugs.launchpad.net/bugs/217159
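
As an added example (not part of the original message or the bug report), this Python check reads an OpenLDAP client ldap.conf and reports whether its `TLS_REQCERT` level rejects a bad server certificate, following the level descriptions in ldap.conf(5). `PAGE_CONF` reproduces the quoted /etc/ldap/ldap.conf; `HARDENED_CONF`, with its host name and certificate path, is a constructed assumption showing a self-signed certificate trusted through `TLS_CACERT` instead of turning verification off.

```python
# Added example: audit OpenLDAP client TLS settings (ldap.conf(5) semantics).
LEVELS = {  # level -> (rejects a bad certificate?, behaviour)
    "never": (False, "server certificate is neither requested nor checked"),
    "allow": (False, "a missing or bad certificate is ignored"),
    "try": (True, "a bad certificate ends the session; a missing one is accepted"),
    "demand": (True, "a valid certificate is required"),
    "hard": (True, "same as demand"),
}

# The /etc/ldap/ldap.conf quoted in the message above.
PAGE_CONF = """\
URI ldaps://127.0.0.1/
BASE dc=nnn,dc=nnn
TLS_REQCERT never
"""

# Constructed sample: host name and certificate path are hypothetical.
HARDENED_CONF = """\
URI ldaps://ldap.example.com/
BASE dc=nnn,dc=nnn
TLS_CACERT /etc/ssl/certs/ldap-selfsigned.pem
TLS_REQCERT demand
"""

def audit_ldap_conf(text):
    """Report whether the server certificate is verified under this config."""
    opts = {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        # Option names are case-insensitive; a repeated option is taken
        # from its last line here (assumption of this example).
        opts[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    verifies, meaning = LEVELS.get(level, (False, "unrecognised value"))
    findings = []
    if not verifies:
        findings.append(f"TLS_REQCERT {level}: {meaning}")
        if opts.get("URI", "").lower().startswith("ldaps://"):
            findings.append("ldaps:// encrypts the session, but the server is not authenticated")
    elif not ({"TLS_CACERT", "TLS_CACERTDIR"} & opts.keys()):
        findings.append("no TLS_CACERT/TLS_CACERTDIR here: a self-signed server "
                        "certificate is rejected unless a CA is set elsewhere")
    return {"level": level, "verifies": verifies, "findings": findings}

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ldap_conf(conf))
```

The check covers only the OpenLDAP client file (/etc/ldap/ldap.conf); the libnss-ldap file /etc/ldap.conf is read by a different library and is not interpreted here.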