tls_checkpear = no
This is correct, AFAIK. Now the default value of tls_checkpear is true.
Ralf, could you comment?
Not much to comment on here. Using TLS without Certificate verification isn't exactly secure. That's why we don't add the "tls_checkpear no" any longer in 11.3. That means that you need to provide the yast2 Module the CA Certificate.
http://bugzilla.novell.com/show_bug.cgi?id=623752
http://bugzilla.novell.com/show_bug.cgi?id=623752#c3
Ralf Haferkamp
(In reply to comment #1)
about the port that is being used...
it looks like the "ssl on" line in /etc/ldap.conf isn't being added when checking the "SSL/TLS" checkbox and so the LDAP queries are going to the ldap port instead of the ldaps port
Checking "SSL/TLS" should add "ssl start_tls" line, not "ssl on". Or was anything changed?
No. We always used "ssl start_tls". StartTLS is the standardized way to do TLS with LDAP and it doesn't use the (only semi-official) ldaps port (636).
[I adjusted the product as this is a bugreport against 11.3 and not 11.2]
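An added example, not part of the bug thread or of YaST's code: a small audit of an ldap.conf-style file for the settings discussed above (StartTLS versus the ldaps port, peer verification, and whether a CA certificate is configured). It assumes the pam_ldap/nss_ldap spelling `tls_checkpeer` for the option the thread writes as tls_checkpear, treats an absent option as enabled as the thread states for 11.3, and uses constructed sample files and made-up finding names.

```python
# Constructed sample /etc/ldap.conf contents (not taken from the bug report).
BEFORE_11_3 = """\
uri ldap://ldap.example.com
ssl start_tls
tls_checkpeer no
"""
HARDENED = """\
# StartTLS on the normal ldap port, with peer verification and a CA
uri ldap://ldap.example.com
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""

def parse(text):
    """Return {option: value} for whitespace-separated 'option value' lines."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip()
    return opts

def audit(text):
    """Return a list of finding names (hypothetical labels) for one config."""
    o = parse(text)
    ssl = o.get("ssl", "off").lower()
    ldaps_uri = o.get("uri", "").lower().startswith("ldaps://")
    if ssl not in ("start_tls", "on") and not ldaps_uri:
        return ["cleartext"]            # queries go to the ldap port unprotected
    findings = []
    if ssl == "on" or ldaps_uri:
        findings.append("ldaps-port")   # port 636 instead of StartTLS
    # Assumption from the thread: verification is the default when unset.
    if o.get("tls_checkpeer", "yes").lower() in ("no", "off", "false"):
        findings.append("peer-unverified")
    elif "tls_cacertfile" not in o and "tls_cacertdir" not in o:
        findings.append("ca-missing")   # verification on, but no CA provided
    return findings

if __name__ == "__main__":
    for name, conf in (("before 11.3", BEFORE_11_3), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```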