RE: 2.1.22 not accepting self-signed SSL cert
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jochen Laser
> On Mon, 3 Nov 2003 19:23:45 -0600 (CST)
> <firstname.lastname@example.org> wrote:
> > I have included the TLS_CACERT directive in my /etc/ldap.conf but I am
> > still getting the same results. Any other debugs I can provide? Thanks.
> I experienced the same, but as I understand this now, this
> "bug" is a feature
> that didn't make it into the documentation of 2.1.22.
> You might want to have a look at ITS #2697 where this is discussed.
> These TLS_* Options are "user-only" and must be
> specified in the ldaprc files or the environment rather than
> in /etc/.../ldap.conf
No. The TLS_CACERT directive is not "user-only" - it can and generally should
be set in the system-wide config file. However, that file is
/usr/local/etc/openldap/ldap.conf by default, *NOT* /etc/ldap.conf. The
OpenLDAP library does not use /etc/ldap.conf.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
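
The check below is an added example, not part of the original message or of OpenLDAP: it reports whether TLS_CACERT is set in the file the reply says the library reads, or only in /etc/ldap.conf. The function names, the `LIBLDAP_CONF` override and the `ROOT` prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: locate the TLS_CACERT setting and say whether the OpenLDAP
# client library reads the file it is in. Paths are the ones named in the
# reply; LIBLDAP_CONF is a hypothetical override for builds that compile in
# a different system-wide path.
LIBLDAP_CONF="${LIBLDAP_CONF:-/usr/local/etc/openldap/ldap.conf}"
NOT_READ="/etc/ldap.conf"

# Print the last TLS_CACERT value in a config file, or nothing.
# The keyword is matched case-insensitively; TLS_CACERTDIR does not match.
cacert_in() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*[Tt][Ll][Ss]_[Cc][Aa][Cc][Ee][Rr][Tt][[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# check_tls_cacert [ROOT]
# ROOT is a path prefix so the check can run against a constructed tree;
# leave it empty to inspect the live filesystem.
# Returns 0 = set and CA file readable, 1 = not set where libldap looks,
# 2 = set but the CA file is missing or unreadable.
check_tls_cacert() {
    root="${1:-}"
    good=$(cacert_in "${root}${LIBLDAP_CONF}")
    bad=$(cacert_in "${root}${NOT_READ}")
    if [ -n "$good" ]; then
        if [ -r "${root}${good}" ]; then
            echo "OK: ${LIBLDAP_CONF} sets TLS_CACERT ${good}"
            return 0
        fi
        echo "FAIL: ${LIBLDAP_CONF} points at unreadable CA file ${good}"
        return 2
    fi
    if [ -n "$bad" ]; then
        echo "FAIL: TLS_CACERT is only in ${NOT_READ}, which libldap does not read; move it to ${LIBLDAP_CONF}"
        return 1
    fi
    echo "FAIL: TLS_CACERT not set in ${LIBLDAP_CONF}"
    return 1
}
```

Source the file and call `check_tls_cacert` with no argument to inspect the running system.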