[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [pamldap] ldap_set_option error?

To: lukeh@padl.com
Subject: Re: [pamldap] ldap_set_option error?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 13 Jun 2001 07:05:56 -0700
Cc: sto@isoco.com, pamldap@padl.com, openldap-software@OpenLDAP.org
In-reply-to: <200106131222.WAA75916@au.padl.com>

At 05:22 AM 6/13/2001, Luke Howard wrote:

>Interesting. I removed the call to ldap_pvt_tls_set_option() because
>we shouldn't really be using private API, and for older versions of
>OpenLDAP, that private API isn't there (even though the rest of the
>API for Start TLS is).

Sounds like HAVE_TLS is not defined... so setting TLS options
and/and calling ldap_start_tls_s() should fail.  Check portable.h.

>When I looked at the OpenLDAP code, the
>implementation of ldap_set_option() fell through to 
>ldap_pvt_tls_set_option() for options it didn't handle itself. Thus
>it seemed safe to use the public API for setting TLS options.
>
>I have cc'd this to the OpenLDAP software list, maybe they will
>have the answer.
>
>-- Luke
>
>>From: sto@isoco.com (Sergio Talens-Oliag)
>>Subject: [pamldap] ldap_set_option error?
>>To: pamldap@padl.com
>>Date: Wed, 13 Jun 2001 12:13:27 +0200
>>
>>Hello,
>>
>>  I'm using pam_ldap-113, OpenLDAP 2.0.11 and OpenSSL 0.9.6 on a Debian
>>  system.  pam_ldap is working, but I'm having a lot of error messages related
>>  to 'ldap_set_option'.  What I see on my logs is something like the
>>  following:
>>
>>---
>>Jun 13 11:26:21 voll ipop3d[16113]: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE):
>>Unknown error
>>Jun 13 11:26:21 voll ipop3d[16113]: pam_ldap: _set_ssl_options failed
>>---
>>
>>  My config file is something like the following:
>>
>>--*-- BEG: /etc/pam_ldap.conf --*--
>>host          192.168.1.1
>>port          636
>>base          dc=isoco,dc=net
>>ldap_version  3
>>ssl           yes
>>tls_checkpeer no
>>pam_crypt     local
>>pam_password  crypt
>>--*-- END: /etc/pam_ldap.conf --*--
>>
>>  I've been playing with the code and it seems that 'ldap_set_option' is not
>>  working as the private function of previous versions (i've replaced
>>  'ldap_set_option' with 'ldap_pvt_tls_set_option' and there's no error
>>  message).
>>
>>  Any ideas?
>>
>>-- 
>>Sergio Talens-Oliag ........................................................
>>Intelligent Software Components, S.A.                            _  _  _  _ 
>>Edificio Testa Sant Cugat               Telf: +34 93 5677200  @ |_ | ||  | |
>>c/. Alcalde Barnils, 64 - 68            mailto:sto@isoco.com  |  _||_||_ |_|
>>08190 Sant Cugat del Vallés (Barcelona) http://www.isoco.com  ..............
>
>--
>Luke Howard | lukeh@padl.com
>PADL Software | www.padl.com

References:
- Re: [pamldap] ldap_set_option error?
  - From: Luke Howard <lukeh@padl.com>

Prev by Date: Re: Weird Error in Quick Start Guide
Next by Date: Problems with ldapadd and/or ldif file
Index(es):
- Chronological
- Thread