http://bugs.skolelinux.no/show_bug.cgi?id=1211
------- Additional Comments From [EMAIL PROTECTED] 2007-07-04 17:59 ------- I got some help and was able to figure out the problem. There were several of them. First of all, the file /etc/ldap/ssl/ldap-server-pubkey.pem did not contain the content it should. It was not the certificate usable by the client to check the connection to the server. It was something else. Not quite sure what it was. I've rewritten the code generating it to extract the hopefully correct content from /etc/ldap/ssl/slapd.pam on the server. Next, the /etc/ldap/ldap.conf file needed a "tls_cacert etc/ldap/ssl/ldap-server-pubkey.pem" setting to find the certificate. Apparently the default is not to look in /etc/ldap/ssl/ for certificates, and using the tls_cacertdir setting did not work. Finally, I got a tip on how to use the openssl program to extract the server certificate directly from the LDAP server ssl port, so I rewrote the code used to fetch the server certificate to not use http, and instead download the certificate directly. The file is still available from http, but it is no longer used. A fix was just uploaded. I hope it solve the problem for good. I'll close this bug as soon as I have been able to test that it still work. A good way to test if the server connection is working is to run 'ldapwhoami -ZZ -x -h ldap' on the client. This remove the need for reloading apache to test the changes. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

