Hi! I was having problems getting ldapsearch (openldap) and sssd to accept x509 certs from CAcert.org. Thanks to sgallagh for pointing me to where to find a solution. Apparently, in F15, openldap and sssd do not use openssl for TLS/SSL libs. They use Mozilla NSS instead. Therefore, the default locations for certificate authority certs has to be explicitly configured in /etc/openldap/ldap.conf By adding the following to my /etc/openldap/ldap.conf file, I got ldapsearch and sssd to work over SSL to my LDAP server. TLS_CACERTDIR /etc/pki/tls/certs TLS_CACERT /etc/pki/tls/cert.pem Uggh. This was really frustrating . . . . . I dont suppose something could be placed in release notes when these kinds of changes occur? Thanks, Bobby -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
