libnss-ldap and slapd (was: TLS configuration needs client certification (why?))
On Aug 15, 2007, at 9:00 AM, Frank Cornelissen wrote:
Why does slapd require a peer/client certificate? I'm running slapd 2.3.30
on Debian (package 2.3.30-5 to be precise).
When connecting with SSL to slapd using
ldapsearch -H ldaps://artemis.t310.org -b dc=t310,dc=org -x
I get the following error from slapd (started with -d 8):
TLS: can't accept.
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
After some debugging, this seems to be caused by the fact that on
this machine libnss-ldap is enabled. This library will be loaded and
will set some libldap options which seem to be global and thus
interfering with the options from slapd. Anybody got an idea how to
solve this, apart from setting up a separate machine for openldap?
Thanks in advance,