http://qa.mandrakesoft.com/show_bug.cgi?id=4462
Product: openldap-clients
Component: openldap-clients
Summary: config file for openldap-clients package + ldaps
Version: 2.1.22-3mdk
Platform: PC
OS/Version: All
Status: UNCONFIRMED
Severity: normal
Priority: P2
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Hi,
The following all has to do with the openldap-clients rpm and is more a
suggestion than a bug report.
I've played around with ldaps (secure LDAP) on the new 9.2 beta, gone are the
exception errors - THANKS!
I had some difficulty trying to let my client accept the certificate of my
server, which did not happen in 9.0!
So I came across this bit in the FAQ on the openldap site
http://www.openldap.org/faq/data/cache/185.html
This is where I went off to the link that leads to the documentation:
http://www.openldap.org/doc/admin21/tls.html
going down to the client part is where the answer lies:
TLS_CERT <filename>
or
TLS_REQCERT { never | allow | try | demand }
This has to be done in the /etc/ldap.conf file and not the
/etc/openldap/ldap.conf which can be confusing because I was, up to now, under
the impression it is only used by the nss_ldap and pam_ldap modules.
This file naturally can be overruled by any .ldaprc file in a user's home directory.
Ok so here is some kind of suggestion:
Is there a value that can be specified for the location of the config file that
ldapsearch, for instance, will be using, when these binaries are compiled?
If so, would it not be better to put it in /etc/openldap/?
Why I make this suggestion: these are TWO separate sets of packages (the
nss_ldap/pam_ldap that use /etc/ldap.conf VS the openldap packages that use
config files in /etc/openldap/).
The current openldap-clients package has no config file that gets installed
(/etc/ldap.conf) thus I assume this will make it difficult for the average Joe
out there to eventually get ldaps going, taking me as an example!
Perhaps you can package a "ldaps_sample_config" file with it and a readme, so
the person can quickly grasp what to do, rather than going to the Net and search
and experiment.
If you need any further input please feel free to contact me.
Dirk 27-12-841-3042
or cell 27-72-596-3050
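
Added example, not part of the original report and not code from the openldap-clients package: a Python check that scans the client configuration files named in the report for TLS_REQCERT levels that accept an invalid server certificate, and for a missing CA setting. The file list and function names are assumptions made for illustration; the TLS_REQCERT levels follow ldap.conf(5).

```python
import os
# Files named in the report; which of them a given build reads is an assumption.
CANDIDATES = ["/etc/openldap/ldap.conf", "/etc/ldap.conf", "~/.ldaprc"]
# TLS_REQCERT levels per ldap.conf(5); True = an invalid server certificate is rejected.
REJECTS_BAD_CERT = {"never": False, "allow": False, "try": True, "demand": True, "hard": True}

def scan(text):
    """Return (reqcert, ca): lists of (lineno, value) found in one config text."""
    reqcert, ca = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].upper()  # option names are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "TLS_REQCERT":
            reqcert.append((lineno, value.lower()))
        elif key in ("TLS_CACERT", "TLS_CACERTDIR"):
            ca.append((lineno, value))
    return reqcert, ca

def audit(files):
    """files: {path: text}. Return a list of (path, lineno, message) findings."""
    findings, any_ca = [], False
    for path, text in files.items():
        reqcert, ca = scan(text)
        any_ca = any_ca or bool(ca)
        for lineno, level in reqcert:
            if level not in REJECTS_BAD_CERT:
                findings.append((path, lineno, f"unknown TLS_REQCERT value {level!r}"))
            elif not REJECTS_BAD_CERT[level]:
                findings.append((path, lineno, f"TLS_REQCERT {level}: invalid server certificate accepted"))
    if not any_ca:  # nothing tells the client which CA signed the server certificate
        findings.append(("*", 0, "no TLS_CACERT or TLS_CACERTDIR in any scanned file"))
    return findings

def load(paths=CANDIDATES):
    """Read whichever candidate files exist on this machine."""
    files = {}
    for p in map(os.path.expanduser, paths):
        if os.path.isfile(p):
            with open(p, errors="replace") as fh:
                files[p] = fh.read()
    return files

if __name__ == "__main__":
    for path, lineno, msg in audit(load()):
        print(f"{path}:{lineno}: {msg}")
```

Every occurrence is reported per file and line rather than resolved to one effective value, because the order in which a build consults these files is exactly what the report is unsure about.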