https://bugzilla.novell.com/show_bug.cgi?id=730046
https://bugzilla.novell.com/show_bug.cgi?id=730046#c15
Ralf Haferkamp
grep -v "#" ldap.conf
base dc=site
bind_policy soft
pam_lookup_policy yes
pam_password exop
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
ssl start_tls
uri ldap://hh1.site
ldap_version 3
pam_filter objectClass=posixAccount
tls_cacertfile /etc/openldap/cacert.pem

Now this is not /etc/openldap/ldap.conf but /etc/ldap.conf. And it contains yet another certificate configuration. So which one actually is the correct certificate? /etc/openldap/cacert.pem or /etc/openldap/cacerts/YaST-CA.pem (which you said you have configured in /etc/openldap/ldap.conf in your initial comment) or even: /etc/openldap/certs/cacert.pem
Please let me know if we're getting anywhere. Is it a big problem to be able to apply the workaround to Yast?

Because it shouldn't be needed. And I am trying to find out why YaST created a broken setup in your case. We should fix the real issue instead of adding workarounds. For Samba it doesn't matter if TLS_CACERTDIR or TLS_CACERT are used unless there is either a bug in samba or the openldap client libs. At least when the correct certificate is present in TLS_CACERTDIR and the dir is properly hashed with c_rehash (which it seems to be in your case).
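The comparison asked for in the comment above, as an added example that is not part of the original bug report: a shell helper that lists which CA certificate files the LDAP client configs name and checks that a CA directory holds c_rehash-style hash links. The function names are hypothetical and the sample config contents are constructed from the paths quoted in the comment.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Print "file<TAB>directive<TAB>value" for CA directives in the given files.
# /etc/ldap.conf (pam_ldap/nss_ldap) uses tls_cacertfile / tls_cacertdir;
# /etc/openldap/ldap.conf (libldap) uses TLS_CACERT / TLS_CACERTDIR.
ca_settings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*#/ || NF < 2 { next }
            { d = tolower($1) }
            d == "tls_cacert" || d == "tls_cacertfile" || d == "tls_cacertdir" {
                printf "%s\t%s\t%s\n", f, d, $2
            }' "$f"
    done
}

# Distinct CA certificate files named across all configs; more than one
# line of output means the clients do not agree on which CA to trust.
distinct_ca_files() {
    ca_settings "$@" | awk -F '\t' '$2 != "tls_cacertdir" { print $3 }' | sort -u
}

# Succeed if DIR holds at least one c_rehash-style link (8 hex digits, a dot,
# a number) that resolves to a readable file.
has_hash_links() {
    for l in "$1"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        [ -L "$l" ] && [ -r "$l" ] && return 0
    done
    return 1
}

# Constructed sample configs mirroring the two files discussed above.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'uri ldap://hh1.site' 'ssl start_tls' \
        'tls_cacertfile /etc/openldap/cacert.pem' > "$d/ldap.conf"
    printf '%s\n' 'TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem' \
        > "$d/openldap-ldap.conf"
    distinct_ca_files "$d/ldap.conf" "$d/openldap-ldap.conf"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then distinct_ca_files "$@"; else demo; fi
```

Run with the real paths as arguments, for example `/etc/ldap.conf /etc/openldap/ldap.conf`; `has_hash_links` only confirms that hash links exist and resolve, not that they belong to the right CA.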