[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [pamldap] ldap_set_option error?



Interesting. I removed the call to ldap_pvt_tls_set_option() because
we shouldn't really be using private API, and for older versions of
OpenLDAP, that private API isn't there (even though the rest of the
API for Start TLS is). When I looked at the OpenLDAP code, the
implementation of ldap_set_option() fell through to 
ldap_pvt_tls_set_option() for options it didn't handle itself. Thus
it seemed safe to use the public API for setting TLS options.

I have cc'd this to the OpenLDAP software list, maybe they will
have the answer.

-- Luke

>From: sto@isoco.com (Sergio Talens-Oliag)
>Subject: [pamldap] ldap_set_option error?
>To: pamldap@padl.com
>Date: Wed, 13 Jun 2001 12:13:27 +0200
>
>Hello,
>
>  I'm using pam_ldap-113, OpenLDAP 2.0.11 and OpenSSL 0.9.6 on a Debian
>  system.  pam_ldap is working, but I'm having a lot of error messages related
>  to 'ldap_set_option'.  What I see on my logs is something like the
>  following:
>
>---
>Jun 13 11:26:21 voll ipop3d[16113]: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE):
>Unknown error
>Jun 13 11:26:21 voll ipop3d[16113]: pam_ldap: _set_ssl_options failed
>---
>
>  My config file is something like the following:
>
>--*-- BEG: /etc/pam_ldap.conf --*--
>host          192.168.1.1
>port          636
>base          dc=isoco,dc=net
>ldap_version  3
>ssl           yes
>tls_checkpeer no
>pam_crypt     local
>pam_password  crypt
>--*-- END: /etc/pam_ldap.conf --*--
>
>  I've been playing with the code and it seems that 'ldap_set_option' is not
>  working as the private function of previous versions (i've replaced
>  'ldap_set_option' with 'ldap_pvt_tls_set_option' and there's no error
>  message).
>
>  Any ideas?
>
>-- 
>Sergio Talens-Oliag ........................................................
>Intelligent Software Components, S.A.                            _  _  _  _ 
>Edificio Testa Sant Cugat               Telf: +34 93 5677200  @ |_ | ||  | |
>c/. Alcalde Barnils, 64 - 68            mailto:sto@isoco.com  |  _||_||_ |_|
>08190 Sant Cugat del Vallés (Barcelona) http://www.isoco.com  ..............

--
Luke Howard | lukeh@padl.com
PADL Software | www.padl.com