On 22/01/17 06:51, Arthur de Jong wrote: > Hi Elizabeth, > > I have been trying to reproduce this (nslcd 0.9.7-1, slapd 2.4.40+dfsg- > 1+deb8u2). > > I have not been able to reproduce this when not using SSL and the > following nslcd.conf also works without problems for me: > > uid nslcd > gid nslcd > uri ldaps://192.168.12.1/ > base dc=thuis,dc=net > tls_reqcert never > tls_cacertfile /etc/ssl/certs/ca-certificates.crt > reconnect_invalidate passwd,group > > This leaves the following settings (mostly client-side certificates) > which I haven't tested yet: > > sasl_mech EXTERNAL > tls_reqcert demand > tls_cacertfile /etc/ssl/certs/cacert.pem > tls_key /etc/ssl/private/alakazam_ldap.key > tls_cert /etc/ssl/certs/alakazam_ldap.pem > > Now setting up CA infra for my test environment to see if I can > reproduce this but it is a bit of a pain to integrate this into my > scripts. > > Having a backtrace would be very helpful. > > Thanks, >
Hi, I'll get you a backtrace ASAP. -- Elizabeth
signature.asc
Description: OpenPGP digital signature