GQ to LDAP on FC1

Nigel Wade nmw at ion.le.ac.uk
Tue Apr 20 09:31:32 UTC 2004


Nalin Dahyabhai wrote:
> On Mon, Apr 19, 2004 at 12:36:32PM -0700, Patrick Nelson wrote:
> 
>>On Mon, 2004-04-19 at 08:47, Nigel Wade wrote:
>>
>>>I don't know anything about gq, but if it uses openldap then that has 
>>>changed in version 2.1 (which is what FC1 ships with) such that the default 
>>>action is to verify the server CA chain. If your server cert. isn't signed 
>>>by a trusted CA then this verify will fail with the above error.
>>>
>>>You can change the default action for openldap in /etc/ldap.conf by adding 
>>>the line:
>>>
>>>tls_reqcert allow
>>
>>Yes this is self-signed cert.  However, adding the above line didn't
>>change outcome.  It still errors with the same message.  I am able to
>>use ldap tools on FC1 with TLS...
> 
> 
> Nigel is mostly right -- the file to modify in this case is
> /etc/openldap/ldap.conf.  The /etc/ldap.conf configuration file is used
> by the nss_ldap and pam_ldap modules, and /etc/openldap/ldap.conf is
> used by libldap in any application which uses libldap.
> 
> HTH,
> 
> Nalin
> 
> 

Sorry, I use both nss_ldap and openldap, and have those two files symlinked. 
Hence the confusion.


-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
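
The split between the two files described in this thread can be checked mechanically. The script below is an added example, not part of the original message: its function names are hypothetical, the config paths are passed as arguments, and the sample files are constructed. It assumes that the last `tls_reqcert` line in a file wins.

```shell
#!/bin/sh
# Added example (not from the thread): report which file sets TLS_REQCERT
# and whether that setting reaches libldap applications.

# Effective TLS_REQCERT in a file, lowercased; "unset" if absent or unreadable.
# Assumption: when the keyword is repeated, the last occurrence wins.
reqcert_of() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# never/allow continue the session even when the server cert cannot be verified.
classify() {
    case "$1" in
        never|allow) echo weak ;;
        try|demand|hard|unset) echo verifies ;;
        *) echo unknown ;;
    esac
}

# $1 = libldap config (/etc/openldap/ldap.conf)
# $2 = nss_ldap/pam_ldap config (/etc/ldap.conf)
audit_ldap_tls() {
    lvl=$(reqcert_of "$1")
    echo "libldap: tls_reqcert=$lvl ($(classify "$lvl"))"
    if [ "$1" -ef "$2" ]; then
        echo "note: both paths are the same file (symlinked)"
    elif [ "$(reqcert_of "$2")" != unset ]; then
        echo "note: tls_reqcert in $2 does not reach libldap applications"
    fi
}

# Constructed sample files reproducing the situation in the thread.
demo=$(mktemp -d)
printf 'BASE dc=example,dc=com\n' > "$demo/openldap-ldap.conf"
printf 'host ldap.example.com\ntls_reqcert allow\n' > "$demo/ldap.conf"
audit_ldap_tls "$demo/openldap-ldap.conf" "$demo/ldap.conf"
```

For a self-signed server certificate, pointing `TLS_CACERT` at that certificate in /etc/openldap/ldap.conf keeps verification on, whereas `tls_reqcert allow` lets the session proceed when the check fails.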




