Re: TLS issue with pam_ldap/nss_ldap and openldap
At 11:45 AM 4/15/2004, Simon Gao wrote:
>My /etc/openldap/ldap.conf is like:
slapd(8) does not read the OpenLDAP ldap.conf(5) file
(except when acting as an LDAP client, e.g. back-ldap).
>The config file /etc/ldap.conf for nss_ldap/pam_ldap is like:
slapd(8) does not read this file.
>Now my question is: OpenLDAP is supposed to not read or care about /etc/ldap.conf, so why does a different setting in /etc/ldap.conf cause slapd to behave differently?
slapd(8) is likely responding differently to different client
behaviors which are dependent on the configuration of those
>Does it mean OpenLDAP does depend on /etc/ldap.conf?
Only in the sense that the behavior of slapd(8) is in response
to clients whose behavior depends on their configuration.
>Another question: is it enough to just set TLS/SSL in slapd.conf and the ldap.conf for the LDAP server?
For slapd(8), configuration is contained in slapd.conf(5).
>Without "ssl starttls" in /etc/ldap.conf, will the authentication process automatically use TLS once set in slapd.conf and /etc/openldap/ldap.conf?
The server's configuration is independent of any client's.
They must be set up to work together.
I suggest you first configure clients provided with OpenLDAP
Software to work properly. Once you have done that, then you can
work on 3rd party clients (using 3rd party resources for help
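
An added example, not part of the original message: a small Python model of the point made in the reply, that slapd.conf alone decides what the server offers or demands, while each client's own file alone decides how that client connects. The file contents, hostnames and paths are constructed; only the `tls=` factor of slapd's `security` directive is modelled, StartTLS requested on a command line is not, and the nss_ldap keyword is spelled `ssl start_tls`.

```python
# Constructed sample files (hostnames and paths are placeholders, not from the post).
SLAPD_CONF = """\
TLSCertificateFile /etc/openldap/certs/server.pem
TLSCertificateKeyFile /etc/openldap/certs/server.key
security tls=1
"""
OPENLDAP_LDAP_CONF = "URI ldap://ldap.example.com\nTLS_CACERT /etc/openldap/certs/ca.pem\n"
NSS_LDAP_CONF = "uri ldap://ldap.example.com\n# ssl start_tls\ntls_checkpeer yes\n"

def directives(text):
    """Parse 'keyword value' lines; keywords are case-insensitive, '#' lines are comments."""
    out = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return out

def server_posture(slapd_conf):
    """What slapd offers and demands, judged from slapd.conf alone."""
    d = directives(slapd_conf)
    tokens = " ".join(d.get("security", [])).split()
    return {
        "offers_tls": "tlscertificatefile" in d and "tlscertificatekeyfile" in d,
        # Simplification: only the tls=<n> factor of 'security' is modelled.
        "requires_tls": any(t.startswith("tls=") and int(t[4:]) > 0 for t in tokens),
    }

def client_mode(client_conf):
    """How a client connects, judged from that client's own file alone."""
    d = directives(client_conf)
    if any(u.lower().startswith("ldaps://") for v in d.get("uri", []) for u in v.split()):
        return "ldaps"
    ssl = [v.lower() for v in d.get("ssl", [])]  # nss_ldap/pam_ldap keyword
    if "start_tls" in ssl:
        return "start_tls"
    return "ldaps" if "on" in ssl else "cleartext"

def outcome(server, mode):
    """Combine the two independent configurations into the result of a connection."""
    if mode == "cleartext":
        return "refused-cleartext" if server["requires_tls"] else "cleartext"
    return "encrypted" if server["offers_tls"] else "tls-unavailable"

if __name__ == "__main__":
    srv = server_posture(SLAPD_CONF)
    for name, conf in [("/etc/openldap/ldap.conf", OPENLDAP_LDAP_CONF), ("/etc/ldap.conf", NSS_LDAP_CONF)]:
        print(name, "->", outcome(srv, client_mode(conf)))
```

With the `ssl start_tls` line commented out, the nss_ldap client is reported as `refused-cleartext` against a server that requires TLS; uncommenting it changes the result to `encrypted` without touching slapd.conf.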