On 22/01/17 06:51, Arthur de Jong wrote:
> Hi Elizabeth,
> 
> I have been trying to reproduce this (nslcd 0.9.7-1, slapd 2.4.40+dfsg-
> 1+deb8u2).
> 
> I have not been able to reproduce this when not using SSL and the
> following nslcd.conf also works without problems for me:
> 
> uid nslcd
> gid nslcd
> uri ldaps://192.168.12.1/
> base dc=thuis,dc=net
> tls_reqcert never
> tls_cacertfile /etc/ssl/certs/ca-certificates.crt
> reconnect_invalidate passwd,group
> 
> This leaves the following settings (mostly client-side certificates)
> which I haven't tested yet:
> 
> sasl_mech EXTERNAL
> tls_reqcert demand
> tls_cacertfile /etc/ssl/certs/cacert.pem
> tls_key /etc/ssl/private/alakazam_ldap.key
> tls_cert /etc/ssl/certs/alakazam_ldap.pem
> 
> Now setting up CA infra for my test environment to see if I can
> reproduce this but it is a bit of a pain to integrate this into my
> scripts.
> 
> Having a backtrace would be very helpful.
> 
> Thanks,
> 

Hi,

I'll get you a backtrace ASAP.

--
Elizabeth

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to