On Sat, 2009-04-25 at 12:39 +0200, Tiziano Zito wrote:
> I can confirm that the bug is more serious that just "tls_reqcert
> never" not working. We have here an openldap server with a self-signed
> certificate. Lenny clients with version 0.6.7 connect using tls
> without any problem.

Thanks for your info. I just spent some time digging into this and I
think I found an OpenLDAP bug (this is hard to debug properly btw). For
more info see #525605.

I will refactor nss-ldapd's option setting code to set options globally
once instead of per connection. That should work around the above but
and also be better in general for nss-ldapd (the per-connection way of
doing things comes from nss_ldap which shouldn't modify the global
config because it may be running in a process that itself has set ldap
options).

Anyway, I think I've found a solution. I'll start implementing. Thanks
for bringing this to my attention again.

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to