On Fri, 2009-06-19 at 13:11 -0300, Rodrigo Campos wrote: > On Fri, Jun 19, 2009 at 10:47:19AM +0200, Arthur de Jong wrote: > > Only the option checking has been renamed. Before you could chose > > between yes (is now demand) or no (is now never). If the option was > > not supplied the default that OpenLDAP was using was used. > > > > The only remaining explanation must be that if LDAPNOINIT is set > > (done in 0.6.8) the built-in defaults are different. > > It is not set :S (in my user or root, at least). I checked doing "set > | grep -i ldap"
To be clearer: nss-ldapd 0.6.8 started setting LDAPNOINIT to avoid all kinds of LDAP configfiles and environment variables from being used to provide configuration information to the OpenLDAP library. Anyway, I'm working on making nss-ldapd ask about configuring the tls_reqcert option during installation. This should also handle upgrades from before 0.6.8 and automatically translate any tls_checkpeer option to tls_reqcert. -- -- arthur - [email protected] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
