Still an issue (Ubuntu hardy just upgraded), but on a different way. Effectively there's no more delay 'enumerating' certificates, but still there's are some trouble or at least things that i cannot explain. For example:
1) the only way to have libnss-ldap/libpam-ldap using correct cerificate are to put it as 'TLS_CACERT /etc/ssl/certs/LNFFVG.pem' in /etc/ldap/ldap.conf (libldap 'global' config file); if i put 'tls_cacertfile /etc/ssl/certs/LNFFVG.pem' on /etc/ldap.conf, they are completely ignored. 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select the certificate explicitly to make it work. Clearly my CA certificate are on place, correctly 'hashed' with c_rehash. The second problem seems a general libldap bug or misunderstanding, because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple tools like ldapsearch stop to work. Boh. -- Long delays enumerating users https://bugs.launchpad.net/bugs/66741 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
