
RE: 2.1.22 not accepting self-signed SSL cert



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jochen Laser

> On Mon, 3 Nov 2003 19:23:45 -0600 (CST)
> <adamtheo@theoretic.com> wrote:
> > I have included the TLS_CACERT directive in my /etc/ldap.conf but I am
> > still getting the same results. Any other debugs I can provide? Thanks.

>  I experienced the same, but as I understand this now, this "bug" is a
>  feature that didn't make it into the documentation of 2.1.22.

>  You might want to have a look at ITS #2697 where this is discussed.
>  These TLS_* Options are "user-only" and must be specified in the
>  ldaprc files or the environment rather than in /etc/.../ldap.conf

No. The TLS_CACERT directive is not "user-only" - it can and generally should
be set in the system-wide config file. However, that file is
/usr/local/etc/openldap/ldap.conf by default, *NOT* /etc/ldap.conf. The
OpenLDAP library does not use /etc/ldap.conf.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
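
The following is an added example, not part of the original message or of OpenLDAP: a small shell check that reports which of several candidate client config files actually sets TLS_CACERT, and whether the CA file it names is readable. The function names `tls_cacert_from` and `audit_ldap_conf` are hypothetical, and the files to inspect are passed as arguments.

```shell
#!/bin/sh
# Added example. Usage (paths as discussed in this thread):
#   sh check.sh /usr/local/etc/openldap/ldap.conf /etc/ldap.conf "$HOME/.ldaprc"

# Print the TLS_CACERT value found in one ldap.conf-style file.
# Keywords are matched case-insensitively; lines starting with '#' are comments.
# Assumption: if the directive appears more than once, the last one is reported.
# Returns 1 if the file is unreadable or does not set TLS_CACERT.
tls_cacert_from() {
    [ -r "$1" ] || return 1
    val=$(awk '
        /^#/ { next }
        toupper($1) == "TLS_CACERT" { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1")
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Report on every candidate file. Succeeds only if at least one of them
# sets TLS_CACERT to a CA file that is readable.
audit_ldap_conf() {
    ok=1
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: not present or unreadable"
        elif ca=$(tls_cacert_from "$f"); then
            if [ -r "$ca" ]; then
                echo "$f: TLS_CACERT $ca"
                ok=0
            else
                echo "$f: TLS_CACERT $ca (CA file unreadable)"
            fi
        else
            echo "$f: no TLS_CACERT directive"
        fi
    done
    return "$ok"
}

# Run the audit only when files were given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ldap_conf "$@"
fi
```

A file that sets the directive correctly but is not one the OpenLDAP library reads, which is the situation described in the reply above, shows up here as a TLS_CACERT line for the wrong path and none for the library's own config file.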