Date: | Thu, 6 Jul 2006 20:54:04 -0400 |
Chris Hunter wrote:
> I had to build the nss_ldap-226-10 rpm package from source for tls to
> work. I downloaded the source rpm from rpm.pbone.net (couldn't find it
> at ftp.scientificlinux.org)
>
> Here is what I did to enable TLS with ldap:
>
> edit /etc/ldap.conf
>
> -comment line:
> host myldapserver:389
>
> -comment line:
> ssl start_tls
>
> -append lines:
> uri ldaps://myldapserver
> ssl on
>
> edit /etc/openldap/ldap.conf
> -append line (I have a self-signed cert):
> TLS_REQCERT allow
>
> nss_ldap package uses config file /etc/ldap.etc but openssl library
> looks at /etc/openldap/ldap.conf
>
Very strange..

On my RHEL4U2 / x86 box:

# ldd /lib/libnss_ldap*
/lib/libnss_ldap-2.3.4.so:
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00908000)
        libdl.so.2 => /lib/libdl.so.2 (0x00984000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0034d000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00e3a000)
        /lib/ld-linux.so.2 (0x006e1000)

On my SL42 / x86 box:

# ldd /lib/libnss_ldap-2.3.4.so
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00c3e000)
        libdl.so.2 => /lib/libdl.so.2 (0x009eb000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0082f000)
        libc.so.6 => /lib/tls/libc.so.6 (0x0058c000)
        /lib/ld-linux.so.2 (0x0046f000)

So, I did a strings on the shared object, and counted how many (if any)
references to TLS I could find.

# strings /lib/libnss_ldap-2.3.4.so | grep -i tls | wc -l

(both returned 77).

/scratches head

-Matt Cuttler
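
Added example, not part of either message above: a small shell check that reads an ldap.conf-style file and reports the TLS-relevant settings from the quoted steps (transport, TLS_REQCERT, and the nss_ldap tls_checkpeer option). The sample files are constructed, and the WEAK/OK labels and the CA certificate path are this example's own assumptions.

```shell
#!/bin/sh
# Added example. Output labels (WEAK/OK) are this script's own, not from any tool.
ldap_tls_audit() {   # $1 = ldap.conf-style file: "keyword value", "#" comments
    awk '
        /^[ \t]*(#|$)/ { next }                 # commented-out or blank line
        { key = tolower($1); val = tolower($2) }
        key == "tls_reqcert" {
            # never/allow let the session continue with an unverifiable certificate
            s = (val == "never" || val == "allow") ? "WEAK" : "OK"
            print s " tls_reqcert=" val
        }
        key == "tls_checkpeer" {                # nss_ldap peer-verification switch
            s = (val == "no") ? "WEAK" : "OK"
            print s " tls_checkpeer=" val
        }
        key == "ssl"  { ssl = val }
        key == "host" { seen = 1 }
        key == "uri"  { seen = 1; if ($0 ~ /ldaps:\/\//) ldaps = 1 }
        END {
            if (ssl == "start_tls")        print "OK transport=start_tls"
            else if (ssl == "on" || ldaps) print "OK transport=ldaps"
            else if (seen)                 print "WEAK transport=plaintext"
        }
    ' "$1"
}

# Constructed sample files mirroring the settings quoted in the thread.
dir=$(mktemp -d)
cat > "$dir/nss_ldap.conf" <<'EOF'
#host myldapserver:389
#ssl start_tls
uri ldaps://myldapserver
ssl on
EOF
cat > "$dir/openldap.conf" <<'EOF'
TLS_REQCERT allow
EOF
# Constructed alternative: trust the self-signed certificate explicitly (path is a placeholder).
cat > "$dir/openldap-pinned.conf" <<'EOF'
TLS_CACERT /etc/openldap/cacerts/myldapserver.pem
TLS_REQCERT demand
EOF
for f in nss_ldap openldap openldap-pinned; do
    echo "== $f.conf"; ldap_tls_audit "$dir/$f.conf"
done
rm -rf "$dir"
```

With TLS_REQCERT allow the connection is encrypted but a bad server certificate is ignored, so the audit marks that line WEAK even though the transport line reports ldaps.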