Hi!
I was having problems getting ldapsearch (openldap) and sssd to accept x509 certs from CAcert.org.
Thanks to sgallagh for pointing me to where to find a solution. Apparently, in F15, openldap and sssd do not use openssl for TLS/SSL libs. They use Mozilla NSS instead. Therefore, the default locations for certificate authority certs have to be explicitly configured in /etc/openldap/ldap.conf.
By adding the following to my /etc/openldap/ldap.conf file, I got ldapsearch and sssd to work over SSL to my LDAP server.
TLS_CACERTDIR /etc/pki/tls/certs
TLS_CACERT /etc/pki/tls/cert.pem
Uggh. This was really frustrating... I don't suppose something could be placed in release notes when these kinds of changes occur?
Thanks,
Bobby
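
A quick way to confirm that an ldap.conf carries the two CA settings from the message above and that they point at paths that exist. This is an added example, not part of the original post; the function name `check_ldap_tls_conf` and the temporary demo paths are hypothetical, and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original post): report the CA trust
# directives in an OpenLDAP client config and whether their paths exist.
# Returns 0 when at least one directive is set and every set directive
# resolves, 1 otherwise, 2 when the config file cannot be read.
check_ldap_tls_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    found=0
    bad=0
    for key in TLS_CACERT TLS_CACERTDIR; do
        # ldap.conf keywords are case-insensitive and '#' lines are
        # comments. If a directive repeats, this reports the last one.
        val=$(awk -v k="$key" '
            /^[ \t]*#/ { next }
            toupper($1) == k { v = $2 }
            END { print v }' "$conf")
        if [ -z "$val" ]; then
            echo "$key: not set"
            continue
        fi
        # TLS_CACERT must name a file, TLS_CACERTDIR a directory.
        if { [ "$key" = TLS_CACERT ] && [ -f "$val" ]; } ||
           { [ "$key" = TLS_CACERTDIR ] && [ -d "$val" ]; }; then
            echo "$key: ok ($val)"
            found=1
        else
            echo "$key: missing path ($val)"
            bad=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: a throwaway config whose paths live in a temp dir.
# On a real host, pass /etc/openldap/ldap.conf instead.
demo_dir=$(mktemp -d)
touch "$demo_dir/cert.pem"
mkdir "$demo_dir/certs"
printf '%s\n' '# constructed sample' \
    "tls_cacertdir $demo_dir/certs" \
    "TLS_CACERT $demo_dir/cert.pem" > "$demo_dir/ldap.conf"
check_ldap_tls_conf "$demo_dir/ldap.conf"
rm -rf "$demo_dir"
```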