Darin Perusich wrote:
Two questions:
1. Why is tls_checkpeer set to "no" or set at all? I want to have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.
tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).
Wrong. I just want to use the default which is explained in /etc/ldap.conf:

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes

I just don't want to use 'no' and some script is forcing this upon me. No need for tls_cacertdir or other tls settings according to the text above.
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly? I think it should be spelled objectclass with a small c.
Case doesn't matter for these identifiers, but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter of the successive words. It lends to the readability but that is it.
objectclass is used multiple times in ldap.conf like #pam_filter objectclass=aixAccount, there is just a single case with upper C and I asked myself why. Looked like some anomaly.
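
Added example, not part of the original thread: a shell check that reports which setting ends up deciding server certificate verification, following the fallback described in the quoted /etc/ldap.conf comment. The TLS_REQCERT values (never, allow, try, demand, hard) are those documented in OpenLDAP's ldap.conf(5); the state labels and the "last line wins" handling of repeated keys are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): which setting decides whether the
# LDAP server certificate is verified?
# Assumption: when a key appears more than once, the last line wins.

# last_value KEY FILE: lower-cased value of the last uncommented "KEY value" line.
last_value() {
    [ -r "$2" ] || return 0
    awk -v k="$1" 'tolower($1) == tolower(k) { v = tolower($2) }
                   END { if (v != "") print v }' "$2"
}

# tls_verify_status [NSS_CONF] [LIBLDAP_CONF]
# Prints "<state> <reason>"; state is enforced, partial, disabled or unknown.
tls_verify_status() {
    nss_conf=${1:-/etc/ldap.conf}
    lib_conf=${2:-/etc/openldap/ldap.conf}

    # An explicit tls_checkpeer overrides whatever libldap is configured to do.
    checkpeer=$(last_value tls_checkpeer "$nss_conf")
    case "$checkpeer" in
        yes) echo "enforced tls_checkpeer=yes"; return 0 ;;
        no)  echo "disabled tls_checkpeer=no"; return 0 ;;
        "")  ;;  # not set (or commented out): TLS_REQCERT decides
        *)   echo "unknown tls_checkpeer=$checkpeer"; return 0 ;;
    esac

    reqcert=$(last_value TLS_REQCERT "$lib_conf")
    case "$reqcert" in
        demand|hard) echo "enforced TLS_REQCERT=$reqcert" ;;
        # try: a bad certificate is rejected, a missing one is accepted
        try)         echo "partial TLS_REQCERT=try" ;;
        never|allow) echo "disabled TLS_REQCERT=$reqcert" ;;
        # unset: libldap default, "yes" for OpenLDAP 2.1 and later per the
        # comment quoted in the thread
        "")          echo "enforced libldap-default" ;;
        *)           echo "unknown TLS_REQCERT=$reqcert" ;;
    esac
}

# Report on the files given as arguments, or on the default paths.
tls_verify_status "$@"
```

A "disabled tls_checkpeer=no" result on a freshly installed system points at the situation described in the thread, where a generated /etc/ldap.conf overrides the libldap default.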