Hi!

On Tue, Mar 28, 2006 at 06:55:46PM +0300, Alexander Gattin wrote:
> > never had too much problem setting up either start_TLS or ldaps security
> > altho I've always used RSA I think.

I've got an answer on the openldap-software mailing list, and impressively quickly, what a miracle! %)

On Wed, Mar 29, 2006 at 01:12:41AM +0000, [EMAIL PROTECTED] wrote:
> There is no support for DSA certificates in OpenLDAP 2.2. It was added
> in 2.3.12.

It was related to DH params handling, as Howard wrote, and effectively DSA certs became supported since 2.3.12.

Greg, I tried a similar setup to yours, with:
> login/testing upgradeable from 1:4.0.14-3x4 to 1:4.0.14-9 (locally built)
> libnss-ldap/testing uptodate 238-1.1
> libpam-ldap/testing uptodate 180-1

while you used:
> login 1:4.0.3-30.1
> libnss-ldap 238-1
> libpam-ldap 178-1sarge1

In my setup, `su - ldapxusr` works perfectly -- it processes ~/.ldaprc, looks through ~/certs, starts TLS and does its job well if not straced (otherwise setgid() fails). I.e. it does not crash/fail.

The only issue is when I use /etc/ssl/certs/, which is full of CA certs on my system -- then `su -` hangs for about a minute (the ca-certificates package has around 100 certificates...) while checking _all_ of them (don't know why?).

So, I think the testing/unstable system is free from bug #277767.

Greg, I'll check it on sarge soon. If you like, you may check it on a testing system on your side to see whether it is actually fixed in Debian/testing or not. The main problem is that if you upgrade a sarge system to Debian/testing, you won't be able to return to Debian/stable easily, as libc6 will be upgraded (this is a one-way ticket, unfortunately).

--
WBR, xrgtn