Re: Different TLSVerifyClient possible?



Kent Soper writes:

> For clarification, /etc/ldap.conf is the LDAP PAM configuration file.

No. /etc/[openldap|ldap/]ldap.conf is also used by OpenLDAP itself and contains at least the uri|host, searchbase, etc., which are used by ldapsearch et al.


Only some (Linux) distributions (Debian) split ldap.conf (for OpenLDAP) and pam_ldap.conf (for pam_ldap) into two parts.

> User-only TLS directives do not belong in the OpenLDAP client ldap.conf file.

Ack. That's why I said "using TLS_CERT in ldap.conf is suboptimal".


Any better solution for the problem described before is welcome.

Martin