Re: TLS/SSL failover problem
Hi,
Doug Wilson <dwilson@virtc.com> writes:
> Thanks for the response. The slapd args are:
[...]
>
> With no failover in place SSL/TLS work just fine ... I can confirm that
> by connecting to the ldap server over SSL with LDAP Browser/Editor and
> by connecting with TLS using GQ.
>
> It's only after switching to the failover server, and trying to switch
> back to the primary ldap server that I run into a problem.
I don't know anything about caching behaviour of pam_ldap, but it
seems that the pam module caches the server certificate. But you
should ask on the pam_ldap mailing list.
> Maybe I need to use an explicit TLS_CACERT or TLS_CACERTDIR (I'm using
> more than 1 CA since each ldap server uses a self-signed certificate)
> entry?
That might help.
> How would I set logging in /etc/openldap/slapd.conf so that I could see
> if it was a certificate problem?
loglevel 2
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
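Since the thread raises using an explicit TLS_CACERTDIR when each LDAP server presents its own self-signed certificate, here is an added example, not code from the thread or from OpenLDAP, of how such a directory is built so a client trusts both the primary and the failover server. It assumes `openssl` is installed, that each server's self-signed PEM certificate is already on hand, and that the directory path and host names are placeholders. It goes a little beyond the thread in also handling two certificates that share a subject hash and in checking the result with `openssl verify`.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): build a TLS_CACERTDIR
# that trusts several self-signed LDAP server certificates at once, so a
# client can validate both the primary and the failover server.
# Assumptions: openssl is installed; each server's self-signed certificate
# is available as a PEM file; directory and host names are placeholders.

set -e

# Build (or extend) a hashed CA directory from one or more PEM certificates.
# OpenSSL looks up trust anchors in TLS_CACERTDIR via <subject_hash>.<n>
# symlinks, so copying the files in is not enough; this creates the links.
# usage: build_cacertdir <dir> <cert.pem>...
build_cacertdir() {
    dir=$1; shift
    mkdir -p "$dir"
    for pem in "$@"; do
        base=$(basename "$pem")
        cp "$pem" "$dir/$base"
        hash=$(openssl x509 -in "$pem" -noout -subject_hash)
        n=0
        # use the first free suffix in case two certificates share a hash
        # (e.g. both servers were issued with the same subject name)
        while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
        ln -sf "$base" "$dir/$hash.$n"
    done
}

# Check that a server certificate validates against the directory; this is
# the same trust decision the LDAP client library makes during the handshake.
# Returns 0 when the certificate is trusted, non-zero otherwise.
# usage: verify_against_dir <dir> <cert.pem>
verify_against_dir() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Print the ldap.conf lines that point clients at the directory and make
# them refuse a server whose certificate does not validate.
# usage: ldap_conf_snippet <dir>
ldap_conf_snippet() {
    printf 'TLS_CACERTDIR %s\nTLS_REQCERT demand\n' "$1"
}
```

After the directory is in place, `ldapsearch -ZZ -d 1` against each server (the `-ZZ` flag makes StartTLS mandatory and `-d 1` prints the TLS trace) shows whether the certificate check succeeds for the primary as well as the failover host, which is the same question the slapd `loglevel` setting answers from the server side.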