Hi Elizabeth,

I have been trying to reproduce this (nslcd 0.9.7-1, slapd 2.4.40+dfsg-
1+deb8u2).

I have not been able to reproduce this when not using SSL and the
following nslcd.conf also works without problems for me:

uid nslcd
gid nslcd
uri ldaps://192.168.12.1/
base dc=thuis,dc=net
tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
reconnect_invalidate passwd,group

This leaves the following settings (mostly client-side certificates)
which I haven't tested yet:

sasl_mech EXTERNAL
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/cacert.pem
tls_key /etc/ssl/private/alakazam_ldap.key
tls_cert /etc/ssl/certs/alakazam_ldap.pem

Now setting up CA infra for my test environment to see if I can
reproduce this but it is a bit of a pain to integrate this into my
scripts.

Having a backtrace would be very helpful.

Thanks,

-- 
-- arthur - adej...@debian.org - https://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to