[Bug 66741] Re: Long delays enumerating users

Marco Gaiarin gaio at linux.it
Sat Sep 6 09:14:40 BST 2008

Mandi! Mathias Gug
  In chel dì si favelave...

> Openldap 2.4 is compiled against gnutls which doesn't support
> See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/242313.

Uh, oh... this clearly solve this bug, because if TLS_CACERTDIR does
not work anymore, clearly there's no certificates to 'enumerate'...

Issue 1 remain: why i've to set the 'global' /etc/ldap/ldap.conf
CA certificate via TLS_CACERTDIR because the 'local' /etc/ldap.conf
CA certificate via tls_cacertfile does not work?

Say me if i've to open a new bug, i've searched for 'tls_cacertfile' on
launchpad but seems that there's no reference... no, wait a moment:


seems i've to use tls_checkpeer=yes, i'll do some tests. ;)

> Make sure that you're not using self-signed certificates on the clients.

No, i use a local CA built with TinyCA.

Marco ``Gaio'' Gaiarin	 | LUG Pordenone    (http://www.pordenone.linux.it)
P.zza S. Tommaso, 20	 | Lilliput BBS      (http://bbs.lilliput.linux.it)
Cimpello di Fiume Veneto | Azione Cattolica - Concordia-Pordenone
33080 Pordenone (Italia) |           (http://www.ac.concordia-pordenone.it)
Tel.   +39-0434-56-1305  | http://www.gaiarin.it/             gaio at linux.it

Long delays enumerating users
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.

More information about the Ubuntu-server-bugs mailing list