[Bug 66741] Re: Long delays enumerating users

Mathias Gug mathiaz at ubuntu.com
Fri Sep 5 15:48:31 BST 2008

On Fri, Sep 05, 2008 at 02:27:16PM -0000, Marco Gaiarin wrote:
> 2) seems that now setting TLS_CACERTDIR (for /etc/ldap/ldap.conf) or
> tls_cacertdir (for /etc/ldap.conf) does nothing, eg you have to select
> the certificate explicitly to make it work.

Openldap 2.4 is compiled against gnutls which doesn't support

See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313.

> Clearly my CA certificate are on place, correctly 'hashed' with
> c_rehash.
> The second problem seems a general libldap bug or misunderstanding,
> because if i comment out TLS_CACERT on /etc/ldap/ldap.conf also simple
> tools like ldapsearch stop to work. Boh.

Make sure that you're not using self-signed certificates on the clients.

Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

Long delays enumerating users
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.

More information about the Ubuntu-server-bugs mailing list