severity 661872 wishlist
tags 661872 + help
thanks

On Fri, 2012-03-02 at 08:10 +0100, Daniel Pocock wrote:
> If the `demand' mode is selected, the option
> 
> tls_reqcert demand
> 
> is added to /etc/nslcd.conf.  However, connection to the LDAP server
> fails, on the first attempt, with this error:

The problem is that the debconf configuration tries to balance
configuration ease with complexity. As such, it only tries to enable
the most common, relatively simple configurations out of the box.

The problem with configuring TLS further through debconf is that it is
not always clear whether tls_cacertfile or tls_cacertdir should be
used. I believe it depends on which TLS library is linked to
OpenLDAP.

Note that the text for the reqcert configuration step already explains
adding tls_cacertdir or tls_cacertfile.

If anyone is willing to develop a patch to further configure TLS, I'll
gladly review and integrate it.

Thanks,

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --

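The situation discussed in this message (tls_reqcert demand written to nslcd.conf with no tls_cacertfile or tls_cacertdir beside it) can be caught with a small check. This is an added example, not part of the original message or of nss-pam-ldapd; the function names are hypothetical, it assumes the last occurrence of an option wins, and it does not consult CA defaults that the TLS library may take from elsewhere.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from nss-pam-ldapd).

# nslcd_opt FILE KEY: print the value of the last uncommented KEY line.
# Assumption: keywords are matched case-insensitively, last one wins.
nslcd_opt() {
    awk -v k="$2" 'tolower($1) == k { v = $2 } END { print v }' "$1"
}

# check_nslcd_tls FILE
#   0  tls_reqcert is demand/hard and a usable CA source is configured
#   1  tls_reqcert is demand/hard but no usable CA source is configured
#   2  tls_reqcert is not demand/hard in this file
#   3  FILE cannot be read
check_nslcd_tls() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }
    reqcert=$(nslcd_opt "$conf" tls_reqcert)
    cafile=$(nslcd_opt "$conf" tls_cacertfile)
    cadir=$(nslcd_opt "$conf" tls_cacertdir)
    case $reqcert in
        demand|hard) ;;
        *) echo "$conf: tls_reqcert is '${reqcert:-unset}', not demand"
           return 2 ;;
    esac
    if [ -z "$cafile" ] && [ -z "$cadir" ]; then
        echo "$conf: tls_reqcert $reqcert without tls_cacertfile/tls_cacertdir"
        return 1
    fi
    if [ -n "$cafile" ] && [ ! -r "$cafile" ]; then
        echo "$conf: tls_cacertfile $cafile is not readable"
        return 1
    fi
    if [ -n "$cadir" ] && [ ! -d "$cadir" ]; then
        echo "$conf: tls_cacertdir $cadir is not a directory"
        return 1
    fi
    echo "$conf: tls_reqcert $reqcert with a CA source configured"
    return 0
}

# Constructed sample input: demand mode selected, no CA option added.
sample=$(mktemp)
printf '%s\n' 'uri ldap://ldap.example.org/' 'ssl start_tls' \
    '# tls_cacertfile /etc/ssl/certs/ca.pem' 'tls_reqcert demand' > "$sample"
check_nslcd_tls "$sample"
echo "exit status: $?"
rm -f "$sample"
```
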