Solved - F15, ldap/ssl/sssd and certs from CAcert.org
Bobby Krupczak
rdk at krupczak.org
Wed Aug 10 14:46:41 UTC 2011
Hi!
I was having problems getting ldapsearch (openldap) and sssd to accept
x509 certs from CAcert.org.
Thanks to sgallagh for pointing me to where to find a solution.
Apparently, in F15, openldap and sssd do not use openssl for TLS/SSL
libs. They use Mozilla NSS instead. Therefore, the default locations
for certificate authority certs have to be explicitly configured in
/etc/openldap/ldap.conf.
By adding the following to my /etc/openldap/ldap.conf file, I got
ldapsearch and sssd to work over SSL to my LDAP server.
TLS_CACERTDIR /etc/pki/tls/certs
TLS_CACERT /etc/pki/tls/cert.pem
Uggh. This was really frustrating... I don't suppose something
could be placed in release notes when these kinds of changes occur?
Thanks,
Bobby
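
An added example, not part of the original post: a shell check that the TLS_CACERT and TLS_CACERTDIR paths named in an ldap.conf actually exist, so a missing or mistyped CA location is caught before ldapsearch or sssd fails the TLS handshake. The function names are hypothetical, and using the last occurrence of a repeated option is a simplification made for this example.

```shell
#!/bin/sh
# Added example: sanity-check the CA trust settings in an ldap.conf file.
# Function names are hypothetical; they are not part of openldap or sssd.

# ldap_tls_value FILE KEY: print the value of KEY (option names are
# case-insensitive). Comment lines are skipped. If KEY is repeated, the
# last line wins here, which is a simplification made for this example.
ldap_tls_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        toupper($1) == key { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# check_ldap_tls FILE
#   returns 0 if at least one CA source is set and every configured path exists
#   returns 1 if no CA source is set, or a configured path is missing
#   returns 2 if FILE cannot be read
check_ldap_tls() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    cacert=$(ldap_tls_value "$conf" TLS_CACERT)
    cacertdir=$(ldap_tls_value "$conf" TLS_CACERTDIR)
    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "no TLS_CACERT or TLS_CACERTDIR set in $conf"
        return 1
    fi
    rc=0
    if [ -n "$cacert" ] && [ ! -s "$cacert" ]; then
        echo "TLS_CACERT missing or empty: $cacert"; rc=1
    fi
    if [ -n "$cacertdir" ] && [ ! -d "$cacertdir" ]; then
        echo "TLS_CACERTDIR is not a directory: $cacertdir"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "CA trust settings in $conf look usable"
    return "$rc"
}

# Run only when a config path is given, e.g.:
#   sh check_ldap_tls.sh /etc/openldap/ldap.conf
if [ $# -gt 0 ]; then
    check_ldap_tls "$1"
fi
```

The check only confirms that the configured paths exist; it does not verify that the CA bundle contains the root that signed the LDAP server's certificate.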