> $ cat /etc/ldap/ldap.conf
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> URI ldaps://127.0.0.1/
> BASE dc=nnn,dc=nnn
> TLS_REQCERT never
>
> $ cat /etc/ldap.conf
> base dc=nnn,dc=nnn
> uri ldaps://127.0.0.1/
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> ssl on
> pam_password exop
> bind_policy soft
> TLS_CACERTFILE /etc/pki/tls/certs/ca.nnn.nnn.crt
> TLS_REQCERT never
>
> Any comments on those? I've also dabbled with the
> nss_initgroups_ignoreusers parameter, but
> don't have any conclusive results on that.
>
> I copied your config into my /etc/ldap/ldap.conf (changing the base parameter), and using "TLS_REQCERT allow" worked fine for me. I use "never" because my LDAP server is using a self-signed cert, and there used to be issues without setting that option. The server I'm testing with was upgraded from Dapper to Hardy.

I was just wondering if you are using libnss-ldap? Could it possibly be a setting in /etc/ldap.conf?

--
Party On,
Adam

** Attachment added: "unnamed"
   http://launchpadlibrarian.net/13464423/unnamed

--
slapd + gnutls fails
https://bugs.launchpad.net/bugs/217159
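
Added example, not part of the original message or of any project's code: a Python check that reads ldap.conf-style files like the two quoted above and reports when TLS_REQCERT leaves the LDAP server unauthenticated. The function names, the strict variant, and applying the ldap.conf(5) meaning of TLS_REQCERT to both files are assumptions.

```python
# TLS_REQCERT levels as described in ldap.conf(5); demand/hard are the strict ones.
WEAK_REQCERT = {
    "never": "the server certificate is not requested or checked",
    "allow": "a bad or missing certificate is ignored and the session proceeds",
    "try": "a missing certificate is accepted (a bad one ends the session)",
}

def parse_conf(text):
    """Return {lowercased keyword: value}; blank lines and # comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            settings[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return settings

def audit(text):
    """Return findings (strings) about how the client authenticates the LDAP server."""
    s = parse_conf(text)
    uses_tls = ("ldaps://" in s.get("uri", "").lower()
                or s.get("ssl", "").lower() in ("on", "start_tls"))
    level = s.get("tls_reqcert", "").lower()
    if not uses_tls or level not in WEAK_REQCERT:
        return []
    findings = [f"TLS_REQCERT {level}: {WEAK_REQCERT[level]}"]
    ca = s.get("tls_cacert") or s.get("tls_cacertfile")
    if ca:
        findings.append(f"CA file {ca} is configured; TLS_REQCERT demand would enforce it")
    else:
        findings.append("no CA file is set in this file")
    return findings

# Constructed inputs: the active lines of the two files quoted in the message above.
OPENLDAP_CONF = "URI ldaps://127.0.0.1/\nBASE dc=nnn,dc=nnn\nTLS_REQCERT never\n"
NSS_CONF = """\
base dc=nnn,dc=nnn
uri ldaps://127.0.0.1/
ssl on
TLS_CACERTFILE /etc/pki/tls/certs/ca.nnn.nnn.crt
TLS_REQCERT never
"""
# Assumption: a stricter variant of the second file, not taken from the thread.
STRICT_CONF = NSS_CONF.replace("TLS_REQCERT never", "TLS_REQCERT demand")

if __name__ == "__main__":
    for name, conf in [("/etc/ldap/ldap.conf", OPENLDAP_CONF),
                       ("/etc/ldap.conf", NSS_CONF), ("strict variant", STRICT_CONF)]:
        print(name, audit(conf) or "ok")
```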