Package: libldap-2.4-2
Version: 2.4.11-1
Severity: important

It appears ldap in lenny no longer supports TLS_CACERTDIR. An effect of linking to gnutls now.
It would be nice if that could get fixed, but for a start could we *please* document the fact more prominently in ldap.conf(5)? --- ldap.conf.5 2009-01-27 19:55:54.943702494 +0100 +++ ldap.conf.5.new 2009-01-27 19:58:08.400701684 +0100 @@ -278,7 +278,7 @@ .B TLS_CACERT is always used before .B TLS_CACERTDIR. -This parameter is ignored with GNUtls. +.B This parameter is ignored with GNUtls. On Debian openldap is linked against GNUtls. .TP .B TLS_CERT <filename> Specifies the file that contains the client certificate. @@ -301,7 +301,7 @@ Specifies the file to obtain random bits from when /dev/[u]random is not available. Generally set to the name of the EGD/PRNGD socket. The environment variable RANDFILE can also be used to specify the filename. -This parameter is ignored with GNUtls. +.B This parameter is ignored with GNUtls. On Debian openldap is linked against GNUtls. .TP .B TLS_REQCERT <level> Specifies what checks to perform on server certificates in a TLS session, @@ -334,7 +334,8 @@ used to verify if the server certificates have not been revoked. This requires .B TLS_CACERTDIR -parameter to be set. This parameter is ignored with GNUtls. +parameter to be set. +.B This parameter is ignored with GNUtls. On Debian openldap is linked against GNUtls. .B <level> can be specified as one of the following keywords: .RS Thanks
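
Review bot: In the @@ -278 hunk, ".B" applies to everything on its line, so the added "On Debian openldap is linked against GNUtls." sentence is rendered bold together with the warning. Keep ".B This parameter is ignored with GNUtls." on its own line and put the Debian sentence on the following line in normal weight. Since the aim is to make the gap more prominent, the entry could also point the reader to TLS_CACERT, which the context line says is used before TLS_CACERTDIR.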
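
Review bot: In the @@ -301 hunk, the paragraph describes two inputs, the parameter and the RANDFILE environment variable, but the new line only says "This parameter is ignored with GNUtls."; state whether the environment variable is ignored as well. The same two-sentence line is also pasted into all three hunks, so one statement that Debian links against GNUtls, placed once near the start of the TLS options, with the short per-option warning kept here, would avoid the repetition.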
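
Review bot: In the @@ -334 hunk, "This parameter" now begins directly after the sentence ending "TLS_CACERTDIR parameter to be set.", so it can be read as referring to TLS_CACERTDIR rather than to the revocation-check option this entry documents. Name the option explicitly and state the consequence, that certificate revocation is not checked when the library is built against GNUtls, since that is the part a reader configuring TLS needs to notice.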

