On Sun, May 21, 2006 at 06:39:56PM -0700, Steve Langasek wrote:
> On Mon, May 22, 2006 at 11:21:53AM +1000, Alexander Samad wrote:
> > On Sun, May 21, 2006 at 05:29:49PM -0700, Steve Langasek wrote:
>
> > I tried setting ssl=on in the /etc/ldap/ldap.conf file (I downloaded
> > the source and had a look at ldap.c) but that made no difference, but I
> > did notice there was a section that was #ifdef out for ssl - it had
> > another type of bind function call.
>
> > When I changed the ssl=on the debug info was the same except that ssl
> > (yes) was printed out instead of ssl (no)
>
> Ok.
>
> > I have set it up so that client authentication is not needed for ldaps.
>
> However, I believe that by default libldap requires access to a trusted copy
> of the *server* certificate in order to establish an ldaps connection. Is
> it possible that pam_ldap and nss_ldap have access to *this* certificate,
> while sudo-ldap does not?

just tested, copied /etc/ssl/certs/ca-certificates.crt to /tmp and all the
files in /etc/ssl/certs/ are readable
>
> --
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> [EMAIL PROTECTED]                                   http://www.debian.org/