http://bugzilla.novell.com/show_bug.cgi?id=629549 http://bugzilla.novell.com/show_bug.cgi?id=629549#c yang xiaoyu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xyyang@novell.com AssignedTo|bnc-team-screening@forge.pr |jsuchome@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=629549 http://bugzilla.novell.com/show_bug.cgi?id=629549#c3 Volker _ changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|volker@openbios.org | --- Comment #3 from Volker _ 2010-08-10 10:11:05 UTC --- (In reply to comment #2)

And did you set TLS_CACERTDIR in YaST LDAP module?

I don't understand your question exactly. I assume you are referring to the Yast 'LDAP Client' module. There is a field called 'Certificate Directory' in 'Advanced Configuration'. The field has the value '/etc/openldap/cacerts'. This is the default value of that field, i have not changed it. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=629549 http://bugzilla.novell.com/show_bug.cgi?id=629549#c5 Volker _ changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|rhafer@novell.com | --- Comment #5 from Volker _ 2010-08-10 11:59:45 UTC --- (In reply to comment #4)

Yes, that's what I asked for. This means YaST should save that value to /etc/ldap.conf as tls_cacertdir.

Yast does: tls_cacertdir /etc/openldap/cacerts/ is present in my /etc/ldap.conf

But you say you need to have it in /etc/openldap/ldap.conf as well, right?

Right. *11.3* seems to need it in /etc/openldap/ldap.conf as well. Maybe this is related to openssl 1.0.0 in 11.3. You can test this yourself on a 11,3 standard intallation. Configure a LDAP server with TLS enabled using Yast's 'LDAP Server' module than try to access your server with the 'LDAP Browser' module. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=629549 https://bugzilla.novell.com/show_bug.cgi?id=629549#c6 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|rhafer@novell.com | --- Comment #6 from Ralf Haferkamp 2010-08-17 12:13:33 CEST --- (In reply to comment #4)

Yes, that's what I asked for. This means YaST should save that value to /etc/ldap.conf as tls_cacertdir. But you say you need to have it in /etc/openldap/ldap.conf as well, right?

Ralf? Yes the option should be written to /etc/openldap/ldap.conf as "TLS_CACERTDIR" as well. So that the OpenLDAP commandline tools work as expected.

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=629549 https://bugzilla.novell.com/show_bug.cgi?id=629549#c8 Volker _ changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|volker@openbios.org | --- Comment #8 from Volker _ 2010-08-17 10:30:46 UTC ---

I wonder how adding "TLS_CACERTDIR /etc/openldap/cacerts/" can fix the problem if you certificate resides in "/etc/ssl/certs/myown-ca.cert.pem" (as you mention in the bug description). Is that really the case?

"/etc/ssl/certs/myown-ca.cert.pem" is where the CA cert resides on server side. I don't think the location on server side does actually matter, as this bug turned out to be solely a client problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=629549 https://bugzilla.novell.com/show_bug.cgi?id=629549#c10 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|rhafer@novell.com | --- Comment #10 from Ralf Haferkamp 2010-08-17 16:42:49 CEST --- (In reply to comment #9)

So, is it the same for TLS_CACERFILE vs. tls_cacertfile in /etc/ldap.conf?

Or is the key name different? It's different *sigh*. That option is named "TLS_CACERT" in /etc/openldap/ldap.conf

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=629549 https://bugzilla.novell.com/show_bug.cgi?id=629549#c12 Андрей Кувшинов changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m407@mail.ru --- Comment #12 from Андрей Кувшинов 2010-10-18 17:24:45 UTC --- *** Bug 645194 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=645194 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.