GQ to LDAP on FC1
Nalin Dahyabhai
nalin at redhat.com
Tue Apr 20 00:31:26 UTC 2004

On Mon, Apr 19, 2004 at 12:36:32PM -0700, Patrick Nelson wrote:
> On Mon, 2004-04-19 at 08:47, Nigel Wade wrote:
> > I don't know anything about gq, but if it uses openldap then that has
> > changed in version 2.1 (which is what FC1 ships with) such that the default
> > action is to verify the server CA chain. If your server cert. isn't signed
> > by a trusted CA then this verify will fail with the above error.
> >
> > You can change the default action for openldap in /etc/ldap.conf by adding
> > the line:
> >
> > tls_reqcert allow
>
> Yes this is self-signed cert. However, adding the above line didn't
> change outcome. It still errors with the same message. I am able to
> use ldap tools on FC1 with TLS...

Nigel is mostly right -- the file to modify in this case is
/etc/openldap/ldap.conf. The /etc/ldap.conf configuration file is used
by the nss_ldap and pam_ldap modules, and /etc/openldap/ldap.conf is
used by libldap in any application which uses libldap.

HTH,
Nalin
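
The file mix-up discussed in this thread can be checked mechanically. The following is an added example, not part of the original post: a shell sketch that reports which TLS_REQCERT value libldap would take from its own configuration file and flags a directive placed in the nss_ldap/pam_ldap file instead. The function names are hypothetical, and it assumes the last occurrence of the keyword wins, that an absent keyword means the `demand` default from ldap.conf(5), and that no `~/.ldaprc` or `LDAPTLS_REQCERT` environment override is present.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the last TLS_REQCERT value found in file $1, lowercased.
# Prints nothing if the file is unreadable or has no such keyword.
# Keywords are matched case-insensitively; '#' comment lines never match.
reqcert_in() {
    [ -r "$1" ] || return 0
    awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
         END { if (v != "") print v }' "$1"
}

# check_reqcert LIBLDAP_CONF NSS_CONF
#   returns 0: certificate verification is enforced
#   returns 1: libldap is configured with a weak level (never/allow)
#   returns 2: the keyword sits only in the nss_ldap/pam_ldap file,
#              so libldap applications such as gq never see it
check_reqcert() {
    lib=$(reqcert_in "$1")
    nss=$(reqcert_in "$2")
    if [ -z "$lib" ] && [ -n "$nss" ]; then
        echo "misplaced: tls_reqcert $nss is set in $2, not in $1"
        return 2
    fi
    # Assumption: an absent keyword means the documented default, demand.
    case "${lib:-demand}" in
        never|allow)
            echo "weak: $1 sets TLS_REQCERT $lib; the server certificate is not enforced"
            echo "      consider trusting the self-signed certificate via TLS_CACERT instead"
            return 1 ;;
        *)
            echo "ok: $1 uses TLS_REQCERT ${lib:-demand}"
            return 0 ;;
    esac
}

# Usage on the system from the thread:
#   check_reqcert /etc/openldap/ldap.conf /etc/ldap.conf
```

A result of `weak` means clients will proceed even when the server's certificate cannot be validated, so it is best treated as a temporary diagnostic setting.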