On Mon, Apr 19, 2004 at 12:36:32PM -0700, Patrick Nelson wrote:
On Mon, 2004-04-19 at 08:47, Nigel Wade wrote:
I don't know anything about gq, but if it uses openldap then that has changed in version 2.1 (which is what FC1 ships with) such that the default action is to verify the server CA chain. If your server cert. isn't signed by a trusted CA then this verify will fail with the above error.
You can change the default action for openldap in /etc/ldap.conf by adding the line:
tls_reqcert allow
Yes, this is a self-signed cert. However, adding the above line didn't change the outcome. It still errors with the same message. I am able to use ldap tools on FC1 with TLS...
Nigel is mostly right -- the file to modify in this case is /etc/openldap/ldap.conf. The /etc/ldap.conf configuration file is used by the nss_ldap and pam_ldap modules, and /etc/openldap/ldap.conf is used by libldap in any application which uses libldap.
HTH,
Nalin
Sorry, I use both nss_ldap and openldap, and have those two files symlinked. Hence the confusion.
-- Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK E-mail : nmw@xxxxxxxxxxxx Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
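
The file mix-up discussed in this thread can be checked directly. The following is an added example, not part of the original messages: it reports the `tls_reqcert` value in each of the two files and whether they are really one file, as in the symlinked setup described above. The function names are hypothetical, and the script assumes a later `tls_reqcert` line overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the thread): show which ldap.conf carries which
# tls_reqcert value, and whether the two paths are the same file.

# Print the last tls_reqcert value in a file (keyword matched
# case-insensitively), or "unset" if the file is missing or has no such line.
# Assumption: a later line overrides an earlier one.
reqcert_of() {
    if [ ! -r "$1" ]; then
        echo unset
        return 0
    fi
    awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Succeed when both paths exist and resolve to one file (e.g. a symlink).
same_file() {
    [ -e "$1" ] && [ -e "$2" ] && [ "$1" -ef "$2" ]
}

# Report both files; default paths are the ones named in the thread.
audit_ldap_conf() {
    nss_conf=${1:-/etc/ldap.conf}
    lib_conf=${2:-/etc/openldap/ldap.conf}
    if same_file "$nss_conf" "$lib_conf"; then
        echo "shared: $nss_conf and $lib_conf are the same file"
    else
        echo "separate: libldap clients do not read $nss_conf"
    fi
    for f in "$nss_conf" "$lib_conf"; do
        v=$(reqcert_of "$f")
        echo "$f: tls_reqcert=$v"
        # allow/never let a session continue without a verified server cert.
        case $v in
            allow|never) echo "  note: server certificate is not enforced" ;;
        esac
    done
}

audit_ldap_conf "$@"
```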