[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS configuration needs client certification (why?)

To: openldap-software@openldap.org
Subject: Re: TLS configuration needs client certification (why?)
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Mon, 27 Aug 2007 10:08:08 +0200
Cc: Frank Cornelissen <frankc@t310.org>
Content-disposition: inline
In-reply-to: <C75962FA-9C58-4C1F-895F-7E8F4586E0D6@t310.org>
References: <DE3379B3-D1ED-4DB2-9BEB-000963984898@t310.org> <46D02550.20008@symas.com> <C75962FA-9C58-4C1F-895F-7E8F4586E0D6@t310.org>
User-agent: KMail/1.9.6

On Sunday 26 August 2007 20:16:14 Frank Cornelissen wrote:
> No, that didn't work. The problem is a bad interaction with
> libnss_ldap and slapd, that share the same ldap connection context
> (same process). libnss-ldap does (rightfully) want to check the
> certificate of the server, and sets this option when it is activated.
> That happens after the slapd.conf is read. My solution for now is to
> run slapd in a chroot jail which does not reference nss-ldap, so this
> problem does not occur.

The other workaround for problems like this is to use nscd ...

References:
- TLS configuration needs client certification (why?)
  - From: Frank Cornelissen <frankc@t310.org>
- Re: TLS configuration needs client certification (why?)
  - From: Howard Chu <hyc@symas.com>
- Re: TLS configuration needs client certification (why?)
  - From: Frank Cornelissen <frankc@t310.org>

Prev by Date: allow changing userPassword only through extended operations?
Next by Date: Syncrepl and proxyAgent password expiration
Index(es):
- Chronological
- Thread