On Mon, May 22, 2006 at 11:21:53AM +1000, Alexander Samad wrote:
> On Sun, May 21, 2006 at 05:29:49PM -0700, Steve Langasek wrote:

> I tried setting ssl=on in the /etc/ldap/ldap.conf file ( I downloaded
> the source and had a look at ldap.c) but that made no difference, but I
> did notice there was a section that was #ifdef out for ssl - it had
> another type of bind function call.

> When I changed the ssl=on the debug info was the same except that ssl
> (yes) was printed out instead of ssl (no)

Ok.

> I have set it up so that client authentication is not need for ldaps.

However, I believe that by default libldap requires access to a trusted copy
of the *server* certificate in order to establish an ldaps connection.  Is
it possible that pam_ldap and nss_ldap have access to *this* certificate,
while sudo-ldap does not?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply via email to