On Sat, 2009-04-25 at 12:39 +0200, Tiziano Zito wrote: > I can confirm that the bug is more serious that just "tls_reqcert > never" not working. We have here an openldap server with a self-signed > certificate. Lenny clients with version 0.6.7 connect using tls > without any problem.
Thanks for your info. I just spent some time digging into this and I think I found an OpenLDAP bug (this is hard to debug properly btw). For more info see #525605. I will refactor nss-ldapd's option setting code to set options globally once instead of per connection. That should work around the above but and also be better in general for nss-ldapd (the per-connection way of doing things comes from nss_ldap which shouldn't modify the global config because it may be running in a process that itself has set ldap options). Anyway, I think I've found a solution. I'll start implementing. Thanks for bringing this to my attention again. -- -- arthur - [email protected] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part

