[Bug 66741] Re: Long delays enumerating users
Marco Gaiarin
gaio at linux.it
Fri Sep 5 15:27:16 BST 2008
Still an issue (Ubuntu hardy just upgraded), but on a different way.
Effectively there's no more delay 'enumerating' certificates, but still
there's are some trouble or at least things that i cannot explain. For
example:
1) the only way to have libnss-ldap/libpam-ldap using correct cerificate
are to put it as 'TLS_CACERT /etc/ssl/certs/LNFFVG.pem' in
/etc/ldap/ldap.conf (libldap 'global' config file); if i put
'tls_cacertfile /etc/ssl/certs/LNFFVG.pem' on /etc/ldap.conf, they are
completely ignored.
2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or
tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select
the certificate explicitly to make it work.
Clearly my CA certificate are on place, correctly 'hashed' with
c_rehash.
The second problem seems a general libldap bug or misunderstanding,
because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple
tools like ldapsearch stop to work. Boh.
--
Long delays enumerating users
https://bugs.launchpad.net/bugs/66741
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.
More information about the Ubuntu-server-bugs
mailing list