Re: TLS/SSL failover problem
Doug Wilson <email@example.com> writes:
> Thanks for the response. The slapd args are:
> With no failover in place SSL/TLS work just fine ... I can confirm that
> by connecting to the ldap server over SSL with LDAP Browser/Editor and
> by connecting with TLS using GQ.
> It's only after switching to the failover server, and trying to switch
> back to the primary ldap server that I run into a problem.
I don't know anything about caching behaviour of pam_ldap, but it
seems that the pam module caches the server certificate. But you
should ask on the pam_ldap mailing list.
> Maybe I need to use an explicit TLS_CACERT or TLS_CACERTDIR (I'm using
> more than 1 CA since each ldap server uses a self-signed certificate)
That might help.
> How would I set logging in /etc/openldap/slapd.conf so that I could see
> if it was a certificate problem?
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
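For readers following this thread, the following is an added illustration (not text from either poster) of the two configuration pieces discussed above: an explicit CA setting on the client side, and server-side logging in slapd.conf. Hostnames, paths and the base DN are placeholders; the directive names are the standard OpenLDAP ones.

```conf
# /etc/openldap/ldap.conf  (client side, read by ldapsearch, GQ and similar tools;
# pam_ldap reads its own file, typically /etc/ldap.conf or /etc/pam_ldap.conf,
# with lowercase keys such as tls_cacertfile / tls_cacertdir)
URI     ldaps://ldap1.example.com ldaps://ldap2.example.com
BASE    dc=example,dc=com

# Because each server has its own self-signed certificate, every server
# certificate must be trusted. Either concatenate them into one file ...
TLS_CACERT     /etc/openldap/cacerts/all-ldap-servers.pem
# ... or point at a directory. With TLS_CACERTDIR the library looks files up by
# subject-name hash, so run c_rehash on the directory after adding a certificate,
# otherwise the new server's certificate is silently not found.
#TLS_CACERTDIR /etc/openldap/cacerts
# Fail the connection when the server certificate cannot be verified.
TLS_REQCERT    demand

# /etc/openldap/slapd.conf  (server side)
TLSCACertificateFile  /etc/openldap/cacerts/all-ldap-servers.pem
TLSCertificateFile    /etc/openldap/certs/ldap1.pem
TLSCertificateKeyFile /etc/openldap/certs/ldap1.key
# loglevel is a bit mask. TLS negotiation failures are reported at any
# non-zero level; 256 ("stats") adds one line per connection, operation and
# result, which is usually enough to see which client failed and why;
# -1 logs everything and is only for short debugging sessions.
loglevel 256
```

On the client side, `ldapsearch -d 1 -ZZ ...` (or `-d -1` for full output) prints the TLS handshake messages, including the certificate verification result, which is the quickest way to tell a certificate problem from a failover problem.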