[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS configuration needs client certification (why?)

On Sunday 26 August 2007 20:16:14 Frank Cornelissen wrote:
> No, that didn't work. The problem is a bad interaction with
> libnss_ldap and slapd, that share the same ldap connection context
> (same process). libnss-ldap does (rightfully) want to check the
> certificate of the server, and sets this option when it is activated.
> That happens after the slapd.conf is read. My solution for now is to
> run slapd in a chroot jail which does not reference nss-ldap, so this
> problem does not occur.

The other workaround for problems like this is to use nscd ...