On 8/23/07, Frank Cornelissen <[EMAIL PROTECTED]> wrote:
>
> On Aug 15, 2007, at 9:00 AM, Frank Cornelissen wrote:
>
> > Hello all,
> >
> > why does slapd require a peer/client certificate? I'm running slapd 2.3.30
> > on Debian (package 2.3.30-5 to be precise).
> >
> > when connecting with ssl to slapd using
> >
> > ldapsearch -H ldaps://artemis.t310.org -b dc=t310,dc=org -x
> >
> > I get the following error from slapd (started with -d 8):
> >
> > TLS: can't accept.
> > TLS: error:140890C7:SSL
> > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
> > certificate s3_srvr.c:2455
> >
> > <snip>
>
> After some debugging, this seems to be caused by the fact that on
> this machine libnss-ldap is enabled. This library will be loaded and
> will set some libldap options which seem to be global and thus
> interfering with the options from slapd. Anybody got an idea how to
> solve this, apart from setting up a separate machine for openldap?

I haven't looked at this specific issue, but other issues relating to using ldap-enabled software on a host using nss_ldap could be worked around by using nscd. However, the problems I've seen were fixed in the latest release of nss_ldap (257). Versions affected were at least 254-256, but it may depend on the ssl library (and version). More details would help ... (if this hasn't been resolved yet).