[Date Prev][Date Next]
Re: client LDAP configuration issue
- To: Christophe Thibault <firstname.lastname@example.org>
- Subject: Re: client LDAP configuration issue
- From: Rich Megginson <email@example.com>
- Date: Mon, 25 Jul 2011 12:45:23 -0600
- Cc: firstname.lastname@example.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=7F5YYAA2nqX6lKNcVL+qhiRhwqVFQm/+j0gYUxLLFHg=; b=NAdz3Et3RENkIStUmK42NJ5x61ZIoAd6vUscBrvW94F4U4FMMsRMMdlXJGXWvNih25 5x16zCw705ojv6qlDXwyI1ppBwfGJRyBMkK+yxbvfO1T/1LnpwLyWy2ggHbom/+kfZCa 1r0DM/qv6/BMsaIjyp8o4SkAC6f8DQOforNiI=
- In-reply-to: <4E2963CE.email@example.com>
- References: <4E2963CE.firstname.lastname@example.org>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:22.214.171.124) Gecko/20110617 Red Hat/3.1.11-2.el6_1 Lightning/1.0b3pre Thunderbird/3.1.11
On 07/22/2011 05:49 AM, Christophe Thibault wrote:
I'm currently encountering a weird issue I don't understand.
I'm working on this problem since 3 days now, withount any clue.
I built a sample client that connect to a LDAP server, to test
It works fine for LDAP, but fails for LDAPS, as long as I don't
provide the right certs.
The issue is that I tried setting the TLS_CACERT in different
locations without success (I tried in the system /etc/ldap/ldap.conf,
custom location by setting the LDAPCONF env variable, setting
environment variable LDAPTLS_CACERT, etc.)
What is weird (for me) is that using the same ldap.conf (global or
user), or environment variable works for the ldapsearch client that
comes witth the openldap distribution.
More strange, is that setting the TLS_REQCERT parameter (either in
ldap.conf or in an environment variable) works for my custom client.
In my client, displaying
I probably missed something, do I need to explicitely call some
function to initialize these parameters?
Is there any way to trace calls to these internal functions that
should read the ldap.conf or environment variables?
Any idead is welcome!
What platform? If you are using RHEL or Fedora - what does
rpm -qi openldap