[Date Prev][Date Next]
Re: Different TLSVerifyClient possible?
Kent Soper writes:
For clarification, /etc/ldap.conf is the LDAP PAM configuration file.
No. /etc/[openldap|ldap/]ldap.conf is also used by openldap itself and
contains at least the uri|host, searchbase etc. which are used by ldapsearch
Only some (linux-) distributions (debian) split ldap.conf (for openldap) and
pam_ldap.conf (for pam_ldap) into two parts.
User-only TLS directives do not belong in the OpenLDAP client ldap.conf
Ack. That's why I said "using TLS_CERT in ldap.conf is suboptimal".
Any better solution for the problem described before is welcome.