http://bugzilla.novell.com/show_bug.cgi?id=619549 http://bugzilla.novell.com/show_bug.cgi?id=619549#c3 --- Comment #3 from Ralf Haferkamp <rhafer@novell.com> 2010-07-06 11:50:03 CEST --- Hm the correct fix would probably be to write the correct settings to /etc/openldap/ldap.conf from the ldap-server module (The ldap-server module writes /etc/openldap/ldap.conf when using the UI wizward) . However I ran into a bit of a problem with that. 1. If I write /etc/openldap/ldap.conf using the etc.ldap_conf agent, even with flushing the caches Write(.src.ldap_conf, "force"), the kerberos-server module seems to ignore the values. I don't know exactly what it does but it just seems to be using the ldap-client/ldap modules. 2. The ldap-server module writes "host localhost" to the /etc/openldap/ldap.conf, but during the run of kerberos-server this is somehow changed to "host 127.0.0.1" which will break the certificate verification of libldap. Only when "localhost" is used libldap will try to figure out the real hostname for certificate verification. I have no idea where this change from localhost to "127.0.0.1" happens, it might be ldap-client or kerberos-server. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.