On Mon, Apr 19, 2004 at 12:36:32PM -0700, Patrick Nelson wrote:
> On Mon, 2004-04-19 at 08:47, Nigel Wade wrote:
> > I don't know anything about gq, but if it uses openldap then that has
> > changed in version 2.1 (which is what FC1 ships with) such that the default
> > action is to verify the server CA chain. If your server cert. isn't signed
> > by a trusted CA then this verify will fail with the above error.
> >
> > You can change the default action for openldap in /etc/ldap.conf by adding
> > the line:
> >
> > tls_reqcert allow
>
> Yes this is self-signed cert. However, adding the above line didn't
> change outcome. It still errors with the same message. I am able to
> use ldap tools on FC1 with TLS...

Nigel is mostly right -- the file to modify in this case is
/etc/openldap/ldap.conf. The /etc/ldap.conf configuration file is used
by the nss_ldap and pam_ldap modules, and /etc/openldap/ldap.conf is
used by libldap in any application which uses libldap.

HTH,

Nalin
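
A quick check of the point made in the reply, as an added example that is not part of the original thread: the script reports the TLS_REQCERT level set in the libldap client file, so a line placed only in /etc/ldap.conf shows up here as "unset". The function names are hypothetical, and the script assumes the last uncommented occurrence of the keyword is the one that takes effect.

```shell
#!/bin/sh
# Added example (not from the thread): report the certificate-checking level
# that an ldap.conf-style file sets for libldap clients.

ldap_reqcert() {
    # $1: path to an ldap.conf-style file. Prints the level, or "unset".
    [ -r "$1" ] || { echo "unset"; return 0; }
    awk '
        $1 ~ /^#/ { next }                            # skip comment lines
        tolower($1) == "tls_reqcert" { v = tolower($2) }  # keyword is case-insensitive
        END { print (v == "" ? "unset" : v) }         # assumption: last occurrence wins
    ' "$1"
}

classify_reqcert() {
    # Map a level to what it means for checking the server certificate.
    case "$1" in
        never|allow)       echo "weak" ;;     # an untrusted server cert is accepted
        try)               echo "partial" ;;  # bad cert rejected, missing cert tolerated
        demand|hard|unset) echo "strict" ;;   # unset: the 2.1 default verifies the chain
        *)                 echo "unknown" ;;
    esac
}

audit_libldap_conf() {
    # $1: the file libldap reads; per the reply this is /etc/openldap/ldap.conf,
    # not /etc/ldap.conf (which belongs to nss_ldap and pam_ldap).
    conf=$1
    level=$(ldap_reqcert "$conf")
    echo "$conf: TLS_REQCERT=$level ($(classify_reqcert "$level"))"
}

audit_libldap_conf "${1:-/etc/openldap/ldap.conf}"
```

A result of "weak" means the client will proceed even when the server certificate cannot be verified, which is what the `tls_reqcert allow` line from the thread requests.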