I have upgraded our LDAP server to 5.2.1Release running openldap-2.1.30 server/client + pam_ldap-1.6.9 + nss_ldap-1.204_5. The previous configuration (openldap20-2.0.25_4 + nss_ldap-1.204_1 + pam_ldap-1.6.1) was runing OK on FreeBSD 5.1R
After the upgrade I have 2 major problems. 1) I'm not able to make the ldap server to work with TLS. The previous installation worked fine but I haven't properly backed up TLS certificates and I had to generate them again using the approach described at http://www.openldap.org/faq/data/cache/185.html As soon as I add these TLS options to the slapd.conf: # TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/local/etc/openldap/cacert.pem TLSCertificateFile /usr/local/etc/openldap/servercrt.pem TLSCertificateKeyFile /usr/local/etc/openldap/servercrt.pem ... running "/etc/rc.d/slapd start" doesn't even start the server but doesn't complain either. So I have no clue what's going wrong and right now I have to run the server without TLS. 2) The second problem is with nss_ldap. I have installed the server first, loaded data to the directory, tried some searches etc. Everything worked OK (except for the TLS). Nomaly, the startup of the server takes about 1 second. As soon as I install nss_ldap (in the very moment I run make install on that port) the startup time of the ldap server slows down to 30+ seconds and I also experienced cases when it didn't start at all. If I deinstall the nss_ldap the server startup is quick again. Any ideas of what can be wrong in either case would be really welcome. Thanks Mira _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"