[yast-devel] ldap setup ideas / wishlist
Hi all,

I liked much of the YaST LDAP setup (particularly adding new users through the same UI as adding local users), but overall it did take a while to get set up. Here are a few simple things that might make it easier (sorry I'm not a YaST developer),

* undo the wizard if it fails to start the daemon. Otherwise, the root objects will not get created (this step happens after it tries to start the daemon), leading to many confusing errors.
* make sure user "ldap" can read the certificate files, or else the daemon will not start (error above) if the "slp daemon" box is enabled.
* allow the client to import self-signed certificate files. I'm still not sure why this isn't working correctly, since overriding TLS_CACERT in /etc/openldap/ldap.conf seemed to fix the problem for the command line tools.

kind regards,
Nicholas
https://ntung.com

--
To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org
For additional commands, e-mail: yast-devel+help@opensuse.org

On Monday 26 October 2009 19:32:53, Nicholas Tung wrote:

> Hi all,
>
> I liked much of the YaST LDAP setup (particularly adding new users through the same UI as adding local users), but overall it did take a while to get set up. Here are a few simple things that might make it easier (sorry I'm not a YaST developer),
>
> * undo the wizard if it fails to start the daemon. Otherwise, the root objects will not get created (this step happens after it tries to start the daemon), leading to many confusing errors.

This sounds like a bug. Could you please report it via bugzilla? With exact steps how to reproduce it please. (Preferably tested with a recent 11.2 milestone as some bugs have been fixed in the yast2-ldap-server module recently)

> * make sure user "ldap" can read the certificate files, or else the daemon will not start (error above) if the "slp daemon" box is enabled.

Hm, the ldap-server adds filesystem ACLs to the certificates so that the user "ldap" can read them. If this doesn't work this is a bug as well. Note however that this should have nothing to do with SLP checkbox. If the "ldap" user cannot read the certificates it should not start regardless of the SLP setting.

> * allow the client to import self-signed certificate files. I'm still not sure why this isn't working correctly, since overriding TLS_CACERT in /etc/openldap/ldap.conf seemed to fix the problem for the command line tools.

Hm, could you elaborate a bit on this? I am not sure I understand you correctly. Probably you should add this as a feature request to features.opensuse.org.

--
regards and thank you for your valuable feedback,
Ralf

participants (2)
- Nicholas Tung
- Ralf Haferkamp