Hello, all. This may be a bit off-topic as it is primarily an ldap client issue but I am having a bear of a time getting my test centos clients to access fds. The problem is tls_checkpeer. I do want it set to yes but this breaks access. It is as if the directory server's cert cannot be validated against the CA cert. Here are the pertinent settings from my centos client ldap.conf (as you can see, I've tried many combinations):

uri ldap://ldap.mycompany.com/
#host ldap.mycompany.com
#ssl on
ssl start_tls
#tls_cacertdir /etc/pki/tls/certs
tls_cacertfile /etc/pki/tls/certs/SSICA.pem
pam_password md5
tls_checkpeer yes
tls_ciphers TLSv1

An strace shows that the SSICA.pem file is opened. Apparently, this is a problem in Ubuntu because of a change to gnutls. However, I can confirm the combination of uri ldap://, ssl start_tls, and tls_certfile rather than tls_certdir works on Ubuntu.

My problem is redhat style systems. Our test bed is CentOS 5.2. Does anyone have this working on newer redhat based systems? If so, with what configuration? Thanks - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
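
One way to test the suspicion in the message above, that the server certificate does not validate against the file named in tls_cacertfile, independently of the LDAP client. This is an added example, not part of the original message; the function and file names are hypothetical, the sample certificates are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical.
# On a live system the server certificate can first be saved from the output of
#   openssl s_client -connect HOST:389 -starttls ldap -showcerts </dev/null
# (-starttls ldap needs OpenSSL 1.1.1 or later).

# check_peer_cert CAFILE SERVERCERT
# Prints one finding; returns 0 only if SERVERCERT verifies against CAFILE.
check_peer_cert() {
    ca=$1; srv=$2
    # 1. tls_cacertfile must hold a PEM block; other content opens but is unusable.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null; then
        echo "FAIL: no PEM certificate block found in $ca"; return 1
    fi
    # 2. The server certificate's issuer should be the CA's subject.
    issuer=$(openssl x509 -in "$srv" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$ca" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
        echo "FAIL: issuer '$issuer' is not CA subject '$subject'"; return 1
    fi
    # 3. Signature and validity-period check of the chain.
    if ! openssl verify -CAfile "$ca" "$srv" >/dev/null 2>&1; then
        echo "FAIL: chain does not verify (signature, expiry or CA flag)"; return 1
    fi
    echo "OK: $srv verifies against $ca"
}

# make_constructed_samples DIR: builds a throwaway CA, a server certificate
# signed by it, and an unrelated CA. All of it is constructed test data.
make_constructed_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.mycompany.com" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# Stand-alone use: sh check_peer.sh /etc/pki/tls/certs/SSICA.pem server.pem
if [ "$#" -eq 2 ]; then check_peer_cert "$1" "$2"; fi
```

If the check passes here while the client still refuses the connection with tls_checkpeer yes, the CA file and the certificate chain themselves are not what the client is rejecting.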