https://bugzilla.novell.com/show_bug.cgi?id=757715

https://bugzilla.novell.com/show_bug.cgi?id=757715#c0

           Summary: bad openldap cert checking
    Classification: openSUSE
           Product: openSUSE 12.1
           Version: Final
          Platform: All
        OS/Version: openSUSE 12.1
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Other
        AssignedTo: rhafer@suse.com
        ReportedBy: bwiedemann@suse.com
         QAContact: qa-bugs@suse.de
                CC: lnussel@suse.com
          Found By: ---
           Blocker: ---

When using ldaps in a default openSUSE install, ldap.conf is empty and any ldaps access fails:

    ldapsearch -H ldaps://pan.suse.de -x -b "o=novell" uid=bwiedemann
    ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

In order to work, this needs in /etc/openldap/ldap.conf:

    TLS_CACERTDIR /etc/ssl/certs

But it turned out that any invalid value for TLS_CACERTDIR also makes it work, because the code falls back to the default ssl path, e.g.

    TLS_CACERTDIR invalidxx

Invalid TLS_CACERT values don't seem to trigger this fallback.

If this could not be fixed in the code, it would be good to still have a line in the config with

    #TLS_CACERTDIR /etc/ssl/certs
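
A configuration check for the condition the report describes, where a TLS_CACERTDIR that does not exist goes unnoticed because connections still succeed. This is an added example, not part of the bug report or of OpenLDAP; the function name audit_ldap_tls and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an ldap.conf for CA settings that do not resolve.
# Prints one finding per line. Returns 0 when at least one trust-anchor
# option is set and every such path exists, 1 otherwise, 2 if unreadable.
audit_ldap_tls() {
    conf=$1
    seen=0
    rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # ldap.conf option names are case-insensitive; '#' starts a comment line.
    while read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        opt=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $opt in
            TLS_CACERTDIR)
                seen=1
                if [ -d "$value" ]; then
                    echo "OK TLS_CACERTDIR $value"
                else
                    echo "BAD TLS_CACERTDIR $value is not a directory"
                    rc=1
                fi ;;
            TLS_CACERT)
                seen=1
                if [ -f "$value" ]; then
                    echo "OK TLS_CACERT $value"
                else
                    echo "BAD TLS_CACERT $value is not a file"
                    rc=1
                fi ;;
        esac
    done < "$conf"
    if [ "$seen" -eq 0 ]; then
        echo "MISSING no TLS_CACERT or TLS_CACERTDIR in $conf"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the misconfiguration from the report.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'TLS_CACERTDIR invalidxx' > "$demo/ldap.conf"
audit_ldap_tls "$demo/ldap.conf" || echo "audit failed with status $?"
rm -rf "$demo"
```

Relative values such as invalidxx are tested against the current working directory, so run the check from the directory the LDAP client would use or give absolute paths.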