Re: [Lam-public] ssl not working with ldap-lam
On Wed, 3 Mar 2004, Gémes Géza wrote:
> Buchan Milne wrote:
> Just to clarify some points:
> /etc/openldap/ldap.conf belongs to package openldap-clients, and is used
> by command line ldap tools, as well as other tools built with libldap,
> like gq, directory-administrator, and I think php-ldap, which is used by
> both lam and PHPLdapAdmin.
And since libldap2 doesn't require openldap-clients, this is wrong.
/etc/openldap/ldap.conf must reside in libldap2 or a package required by
libldap2.
> BTW. /etc/ldap.conf belongs to nss_ldap, and is used by pam_ldap also.
> The problem is that whilst nss and pam work out of the box, if you
> specify ssl=start_tls, or ssl=on in your /etc/ldap.conf, everything else
> (including Samba) is using libldap, and thus you must build your own
> certificate authority, and create certs for your ldap server, and
> configure your /etc/openldap/ldap.conf accordingly, e.g.:
> TLS_CACERT /etc/ssl/CA/cacert.pem
> TLS_REQCERT demand
In general this is correct, but currently using Mandrake packages this
configuration must go into /etc/ldap.conf (see the patch
openldap-conffile.patch.bz2 in the Mandrake openldap SRPM or by viewing
the packaging CVS at
http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/SPECS/openldap),
or you have to do hacks like:
>
> and convince your ldap applications to use that configuration:
> [root@linux1 ~]# cat /etc/profile.d/ldap.sh
> #!/bin/sh
>
> #Set up all the clients, with the central configuration
>
> export LDAPCONF=/etc/openldap/ldap.conf
> [root@linux1 ~]# cat /etc/profile.d/ldap.csh
>
> #Set up all the clients, with the central configuration
>
> setenv LDAPCONF /etc/openldap/ldap.conf
>
> or specify those configs in your ~/.ldaprc. I just simply preferred a
> global (for all users and uses) solution.
As I said, this thread isn't on topic for this list, please take it to
cooker-server (where a lot of the issues you mentioned are discussed,
including the fact that placing both libldap2 and nss_ldap directives in
/etc/ldap.conf works but should not be necessary) or file a bug in
Mandrake bugzilla.
I don't want to deal with this issue here any longer, we're just
duplicating discussions that have already occurred in more appropriate
places.
Regards,
Buchan
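The thread's security-relevant point is that pointing libldap at TLS without `TLS_CACERT` and `TLS_REQCERT demand` means the client negotiates encryption but never verifies who it is talking to. The script below is an added example written for this page, not code from either poster or from the OpenLDAP or Mandrake projects. It audits an ldap.conf-style file for those two keywords, using the keyword semantics documented in ldap.conf(5) (`demand`/`hard` verify, unset falls back to the library default of `demand`, `never`/`allow`/`try` do not enforce verification). The sample config files, the CA file path and the hostname are constructed for the demo; the list of candidate config files is simply the set of paths the thread mentions, with no claim about which one a given libldap build reads first.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for server-certificate
# verification. Not part of the original thread.

# ldap_tls_check FILE
# Prints "ok" or a "weak: ..." reason; returns 0 only when the file both
# demands certificate verification and names a readable CA bundle.
ldap_tls_check() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "weak: $cfg is not readable"; return 1; }
    # Keywords are case-insensitive; strip comments, keep the last setting.
    reqcert=$(sed -e 's/#.*//' "$cfg" |
              awk 'toupper($1)=="TLS_REQCERT" {print tolower($2)}' | tail -n 1)
    cacert=$(sed -e 's/#.*//' "$cfg" |
             awk 'toupper($1)=="TLS_CACERT" {print $2}' | tail -n 1)
    # Unset means the ldap.conf(5) default, which is "demand".
    [ -n "$reqcert" ] || reqcert=demand
    case "$reqcert" in
        demand|hard) ;;
        *) echo "weak: TLS_REQCERT $reqcert does not enforce verification"; return 1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "weak: TLS_REQCERT $reqcert but no TLS_CACERT to verify against"
        return 1
    fi
    if [ ! -r "$cacert" ]; then
        echo "weak: TLS_CACERT $cacert is not readable"
        return 1
    fi
    echo "ok"
    return 0
}

# The files named in the thread, plus LDAPCONF if the environment sets it.
# Audit every one that exists; no precedence between them is assumed here.
ldap_conf_candidates() {
    [ -n "$LDAPCONF" ] && echo "$LDAPCONF"
    echo /etc/openldap/ldap.conf
    echo /etc/ldap.conf
}

# Constructed sample configs for a self-contained demo. Prints the directory.
make_sample_configs() {
    dir=$(mktemp -d)
    : > "$dir/cacert.pem"   # placeholder CA bundle, empty, constructed
    cat > "$dir/strict.conf" <<EOF
# constructed sample: server certificate is checked against a local CA
BASE dc=example,dc=com
URI ldap://ldap.example.com
TLS_CACERT $dir/cacert.pem
TLS_REQCERT demand
EOF
    cat > "$dir/lax.conf" <<EOF
# constructed sample: TLS is negotiated but the certificate is never checked
URI ldap://ldap.example.com
tls_reqcert never
EOF
    echo "$dir"
}

# Stand-alone run: audit the constructed samples, then whatever exists on this host.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_configs)
    for f in "$d/strict.conf" "$d/lax.conf"; do
        printf '%s: %s\n' "$f" "$(ldap_tls_check "$f")"
    done
    ldap_conf_candidates | while read -r f; do
        [ -e "$f" ] && printf '%s: %s\n' "$f" "$(ldap_tls_check "$f")"
    done
    rm -rf "$d"
fi
```

Run it with `sh ldapaudit.sh --demo`; on the Mandrake layout discussed above the keywords must land in the file libldap actually reads, so a reading of "ok" for one candidate file says nothing about the others.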