https://bugzilla.novell.com/show_bug.cgi?id=689456
https://bugzilla.novell.com/show_bug.cgi?id=689456#c5
Ralf Haferkamp changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 - None |P3 - Medium
Status|ASSIGNED |NEEDINFO
InfoProvider| |wolfgang@rosenauer.org
--- Comment #5 from Ralf Haferkamp 2011-05-12 15:31:24 CEST ---
Hm, I am not able to reproduce this problem on my test system. When I am
testing this yast2-ldap-client always correctly creates the correct tls_cacert*
options in /etc/ldap.conf /etc/openldap/ldap.conf and /etc/sssd/sssd.conf. In
your case they are clearly missing. Can you give some more detailed steps how
you setup your system and when exactly you get that error message (I was using
the steps from the initial bug description)?
There is however a glitch in the sssd.conf and /etc/ldap.conf as created by
yast2-ldap-client. It uses the IP Address 127.0.0.1 instead of "localhost" this
will make certificate verification fail as well (unless you have 127.0.0.1 as a
"Subject Alt Name" in your server certificate, which doesn't make any sense).
But the failure message should be different to yours (something about not
matching hostname and CN-Attribute).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.