RHEL V6.4: nslcd need to start tls and ssl in a specific order
by Licause, Al (CSC AMS BCS - UNIX/Linux Network Support)
I know this forum is about sssd, but I am working with a customer that cannot run sssd due to a
configuration issue on their ldap servers. I didn't know where else to ask this question other
than to raise a formal elevation which I can do if so requested or this is found to be a bug.
This customer has opted to use nslcd over encrypted links. In testing this configuration I noticed
two oddities. These two lines are required in nslcd.conf to get the encryption started:
I was always under the impression that if you use ssl, you shouldn't use or start TLS and visa versa,
if TLS has been started, then don't start ssl. Am I misinterpreting what is being enabled with these
What is even stranger, is that they are position dependent. The start_tls line must come before the
ssl on line otherwise the encryption will not start correctly and the connections will fail.
To my knowledge this seems to be the only position dependent option I have run it to so far.
Was this intended ?
HP L2 UNIX Network Services
HP Customer Support Center
Hours 7am-3pm Pacific time USA