[Bug 66741] Re: Long delays enumerating users
Marco Gaiarin
gaio at linux.it
Sat Sep 6 09:14:40 BST 2008
Hello! Mathias Gug
On that day it was said...
> Openldap 2.4 is compiled against gnutls which doesn't support
> TLS_CACERTDIR.
> See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313.
Uh, oh... this clearly solves this bug, because if TLS_CACERTDIR does
not work anymore, clearly there are no certificates to 'enumerate'...
;-)))
Issue 1 remains: why do I have to set the 'global' /etc/ldap/ldap.conf
CA certificate via TLS_CACERTDIR because the 'local' /etc/ldap.conf
CA certificate via tls_cacertfile does not work?
Tell me if I have to open a new bug; I've searched for 'tls_cacertfile' on
Launchpad but it seems that there's no reference... no, wait a moment:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/241128
It seems I have to use tls_checkpeer=yes, I'll do some tests. ;)
> Make sure that you're not using self-signed certificates on the clients.
No, I use a local CA built with TinyCA.
--
Marco ``Gaio'' Gaiarin | LUG Pordenone (http://www.pordenone.linux.it)
P.zza S. Tommaso, 20 | Lilliput BBS (http://bbs.lilliput.linux.it)
Cimpello di Fiume Veneto | Azione Cattolica - Concordia-Pordenone
33080 Pordenone (Italia) | (http://www.ac.concordia-pordenone.it)
Tel. +39-0434-56-1305 | http://www.gaiarin.it/ gaio at linux.it
--
Long delays enumerating users
https://bugs.launchpad.net/bugs/66741