[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using NSS

To: openldap-technical@openldap.org
Subject: Re: Using NSS
From: Braden McDaniel <braden@endoframe.com>
Date: Mon, 06 Feb 2012 01:02:54 -0500
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=endoframe.com; h=subject :from:to:date:in-reply-to:references:content-type :content-transfer-encoding:message-id:mime-version; s= endoframe.com; bh=qGfHHrJX5S6cC/CXoCiKc1SGSH0=; b=qC94zzpFZHw7fk evPH2Aw6Qf/hOb7GAotV34JWAmel9Z3a1sMHeG1tQAmRguEtyRtFqSu+HG0nli/V Z3RQQK/qVZ/CYfhpPOk+g92ZNKavXGIkz8K2Vhe/PC2BKozqOvXykHkg4miUSTOa xnu9o00k2ObAjhHVGkiNXQRO19kNM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=endoframe.com; h=subject:from:to :date:in-reply-to:references:content-type :content-transfer-encoding:message-id:mime-version; q=dns; s= endoframe.com; b=ev1NOOfNW+IiIfQp1fbItXHn6PvWr57snuEryBS3WPzh6uK H6Ssf0U0QTwpCps3DhP+bNZyEKlboLX2HqoDFdjF1Qchg6T1Qw3s3USnWrdT+sH6 ME8mplEBxZ++Q5LxqNbAV7Y2Rqr5qta0airh1R0tx85RTyVRV4hJny0c492I=
In-reply-to: <6C447584419BFE4E83D46E88F81314868A9022FAD5@EXCH07-05.apollogrp.edu>
References: <6C447584419BFE4E83D46E88F81314868A9022FAD5@EXCH07-05.apollogrp.edu>

On Sun, 2012-02-05 at 09:43 -0700, Chris Jacobs wrote:
> Yes: Specify your cacert file in openldap's ldap.conf file (NOT PADL's in /etc/): typically /etc/openldap/ldap.conf or perhaps /usr/local/openldap/etc/openldap/ldap.conf.

That's it.  Thank you!

> If the cert is signed by a real CA then your system's cacert bundle needs updating.

It's self-signed.  And (I *think*) things are working.

> And use openssl vs mozilla's ssl - my understanding is that it doesn't quite work right; especially when building openldap.

I'm using Fedora's binaries; and they're built against NSS these days.

Braden

References:
- Re: Using NSS
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

Prev by Date: Compound query question - organization with cn vs. o?
Next by Date: Re: Got error while enabling SASL
Index(es):
- Chronological
- Thread