i try to use nscd with ldap and tls. in this case you should define a cacert, cert and key file for nss. but afaik there is no default palce to put these file and there is no default policy to allow nscd to read any kind of pem file(s). it'd be useful to define a standard place for these cert files and allow nscd to read these files.
yours.
-- Levente "Si vis pacem para bellum!"
