Re: TLS issue with pam_ldap/nss_ldap and openldap



At 11:45 AM 4/15/2004, Simon Gao wrote:
>My /etc/openldap/ldap.conf is like:

slapd(8) does not read the OpenLDAP ldap.conf(5) file
(except when acting as an LDAP client, e.g. back-ldap).

>The config file /etc/ldap.conf for nss_ldap/pam_ldap is like:

slapd(8) does not read this file.

>Now my question is: OpenLDAP is supposed to not read or care about /etc/ldap.conf, so why does the different setting in /etc/ldap.conf cause slapd to behave differently?

slapd(8) is likely responding differently to different client
behaviors which are dependent on the configuration of those
clients.

>Does it mean OpenLDAP does depend on /etc/ldap.conf?

Only in the sense that the behavior of slapd(8) is in response
to clients whose behavior depends on their configuration.

>Another question: is it enough to just set TLS/SSL in slapd.conf and the ldap.conf for the ldap server?

For slapd(8), configuration is contained in slapd.conf(5).

>Without "ssl starttls" in
>/etc/ldap.conf, will the authentication process automatically use TLS once set in slapd.conf and /etc/openldap/ldap.conf?

The server's configuration is independent of any client's.
They must be set up to work together.

I suggest you first configure clients provided with OpenLDAP
Software to work properly.  Once you have done that, then you can
work on 3rd party clients (using 3rd party resources for help
as needed).
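
Added example, not part of the original message or of any OpenLDAP or PADL code: a small audit that treats the three files from this thread separately, showing that slapd can offer TLS while nss_ldap/pam_ldap still connects in cleartext because its own /etc/ldap.conf never asks for it. The sample file contents, host name and certificate paths are constructed; the directive names (TLSCertificateFile, TLS_CACERT, `ssl start_tls`) are the standard ones for each component.

```python
def parse(text):
    """Parse 'keyword value' config lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def server_offers_tls(slapd_conf):
    """slapd.conf(5), read by slapd(8): TLS needs a certificate and a key."""
    c = parse(slapd_conf)
    return bool(c.get("tlscertificatefile") and c.get("tlscertificatekeyfile"))

def openldap_client_has_trust_anchor(ldap_conf):
    """OpenLDAP ldap.conf(5), read by ldapsearch etc.: CA to verify the server."""
    c = parse(ldap_conf)
    return bool(c.get("tls_cacert") or c.get("tls_cacertdir"))

def nss_pam_transport(padl_conf):
    """nss_ldap/pam_ldap /etc/ldap.conf: what this client itself requests."""
    c = parse(padl_conf)
    ssl = c.get("ssl", "no").lower()
    if ssl == "start_tls":          # nss_ldap/pam_ldap spelling of StartTLS
        return "starttls"
    if ssl in ("on", "yes") or c.get("uri", "").lower().startswith("ldaps://"):
        return "ldaps"
    return "cleartext"              # server-side TLS settings do not change this

def audit(slapd_conf, ldap_conf, padl_conf):
    """One finding per file; each component is judged only by its own file."""
    return {
        "slapd offers TLS": server_offers_tls(slapd_conf),
        "OpenLDAP tools can verify server": openldap_client_has_trust_anchor(ldap_conf),
        "nss_ldap/pam_ldap transport": nss_pam_transport(padl_conf),
    }

# Constructed sample contents (paths and host are placeholders).
SLAPD_CONF = ("TLSCACertificateFile /etc/openldap/cacert.pem\n"
              "TLSCertificateFile /etc/openldap/slapd-cert.pem\n"
              "TLSCertificateKeyFile /etc/openldap/slapd-key.pem\n")
OPENLDAP_LDAP_CONF = ("URI ldap://ldap.example.com\n"
                      "TLS_CACERT /etc/openldap/cacert.pem\n")
PADL_LDAP_CONF = "uri ldap://ldap.example.com\nbase dc=example,dc=com\n"

if __name__ == "__main__":
    for finding, value in audit(SLAPD_CONF, OPENLDAP_LDAP_CONF, PADL_LDAP_CONF).items():
        print(f"{finding}: {value}")
```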