You can also work around this by copying over the CA certificate you're using (even if self-signed) and pointing to it with a line like "TLS_CACERT /etc/ssl/certs/cacert.pem" in /etc/ldap/ldap.conf for ldap-utils.
Since 9.04(?) I've been using libnss-ldapd and libpam-ldapd, which also need the cacert pointed out in /etc/nslcd.conf:

# SSL options
ssl on
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/cacert.pem

-- 
https://bugs.launchpad.net/bugs/397636
Title: libgnutls13 rejects ldap server's self-signed certificate
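A check for the two settings described in the comment above, as an added example that is not part of the original bug comment: it confirms that both client configs point at a readable CA file and that certificate verification is still enforced rather than relaxed. The function names are hypothetical, and requiring an explicit `tls_reqcert demand` (or `hard`) in nslcd.conf is an assumption of this check.

```sh
#!/bin/sh
# Added example: audit ldap.conf and nslcd.conf for CA-pinned TLS verification.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
conf_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# ldap.conf (ldap-utils): TLS_CACERT must name a readable file, and
# TLS_REQCERT, if present, must not weaken the library default (demand).
check_ldap_conf() {
    ca=$(conf_value "$1" TLS_CACERT)
    req=$(conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    [ -n "$ca" ] && [ -r "$ca" ] || {
        echo "ldap.conf: TLS_CACERT missing or not readable"; return 1; }
    case "${req:-demand}" in
        demand|hard) return 0 ;;
        *) echo "ldap.conf: TLS_REQCERT $req does not enforce verification"
           return 1 ;;
    esac
}

# nslcd.conf (libnss-ldapd / libpam-ldapd): TLS enabled, verification
# explicitly demanded (assumption of this check), CA file readable.
check_nslcd_conf() {
    ssl=$(conf_value "$1" ssl | tr 'A-Z' 'a-z')
    req=$(conf_value "$1" tls_reqcert | tr 'A-Z' 'a-z')
    ca=$(conf_value "$1" tls_cacertfile)
    case "$ssl" in
        on|start_tls) ;;
        *) echo "nslcd.conf: ssl is '${ssl:-unset}', TLS not enabled"; return 1 ;;
    esac
    case "$req" in
        demand|hard) ;;
        *) echo "nslcd.conf: tls_reqcert is '${req:-unset}'"; return 1 ;;
    esac
    [ -n "$ca" ] && [ -r "$ca" ] || {
        echo "nslcd.conf: tls_cacertfile missing or not readable"; return 1; }
}

# Usage: script /etc/ldap/ldap.conf /etc/nslcd.conf
if [ "$#" -eq 2 ]; then
    check_ldap_conf "$1" && check_nslcd_conf "$2" && echo "OK"
fi
```

The check only tests that the CA file is readable; it does not parse the certificate or contact the LDAP server.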
