On Fri, Sep 05, 2008 at 02:27:16PM -0000, Marco Gaiarin wrote:
> 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or
> tls_cacertdir (for /etc/ldap.conf) does nothing, e.g. you have to select
> the certificate explicitly to make it work.

OpenLDAP 2.4 is compiled against GnuTLS, which doesn't support TLS_CACERTDIR.
See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313.

> Clearly my CA certificates are in place, correctly 'hashed' with
> c_rehash.
>
> The second problem seems a general libldap bug or misunderstanding,
> because if I comment out TLS_CACERT on /etc/ldap/ldap.conf also simple
> tools like ldapsearch stop working. Boh.
>

Make sure that you're not using self-signed certificates on the clients.

--
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

--
Long delays enumerating users
https://bugs.launchpad.net/bugs/66741
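Following the reply above, a client built against GnuTLS needs one CA file named by TLS_CACERT rather than a hashed directory. The sketch below is an added example, not code from this thread or from OpenLDAP: the function names `build_ca_bundle` and `cacert_status` are hypothetical, and callers supply their own directory and config paths.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# build_ca_bundle DIR OUT
# Concatenate every regular PEM file in DIR into OUT. c_rehash creates
# <hash>.N symlinks that point at the same files, so symlinks are skipped
# to avoid duplicate entries. Prints the number of certificates written;
# returns 1 (and writes nothing) if DIR holds no certificates.
build_ca_bundle() {
    dir=$1 out=$2 tmp=$2.tmp.$$
    : > "$tmp" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || continue
        cat "$f" >> "$tmp"
        # Make sure the next certificate starts on its own line.
        [ -z "$(tail -c 1 "$f")" ] || echo >> "$tmp"
    done
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$tmp" || true)
    if [ "$count" -eq 0 ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$out" && echo "$count"
}

# cacert_status CONF
# Prints "file" when an uncommented TLS_CACERT line is present, "dir-only"
# when only TLS_CACERTDIR is set (the case the reply says GnuTLS does not
# support), and "none" otherwise. Matching is case-insensitive because
# /etc/ldap.conf uses the lowercase spelling.
cacert_status() {
    if grep -Eiq '^[[:space:]]*tls_cacert[[:space:]]' "$1"; then
        echo file
    elif grep -Eiq '^[[:space:]]*tls_cacertdir[[:space:]]' "$1"; then
        echo dir-only
    else
        echo none
    fi
}
```

A config that reports `dir-only` is the one to fix: build the bundle from the hashed directory and add a TLS_CACERT line pointing at the resulting file.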