On Sun, Nov 13, 2011 at 07:09:07AM +0100, lynn wrote: [ 8< ]
It took some heated discussion over on the samba list and I think it must be a bug in Yast ldap server and samba when 'use tls' is checked in the ldap server dialogue. Following the yast setup does not work. You have to add:
TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem
to the file
/etc/openldap/ldap.conf
Restart ldap and samba in that order and samba talks to ldap over TLS.
Do you think that I should register as a bug in Yast? If so, do Yast bugs live at novell bugzilla?
Please do and also add a pointer to the archived thread at https://lists.samba.org/ and to this thread archived at http://lists.opensuse.org/opensuse/2011-11/msg00363.html As you started several threads around this topic please also consider to add pointers to the others too. Then it's much easier for the YaST developers to follow and to address the issue. And yes, the bug tracker for YaST and all openSUSE and SUSE Linux Enterprise issues still is at bugzilla.novell.com Unfortunately nobody spoke up to maintain a separate bugzilla instance for openSUSE. And I must warn you this is a lot of work. Björn and I did this for the Samba bugzilla and even if we had lot of fun and coffee at the SerNet office it nevertheless was somehow painful. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany