Chris Hunter wrote:
> Hi,
> 
> Does anyone know if the nss_ldap rpm package in SL4x (nss_ldap-226-10) 
> is compiled with ssl support ?

Well, If I:
    rpm -ql nss_ldap
I get a long list of files including:
    /lib/security/pam_ldap.so
If I then do a:
     ldd /lib/security/pam_ldap.so
I get a list of referenced libraries, including:
     libcrypto.so.4 => /lib/libcrypto.so.4 (0x0023a000)
If I
     ls -l /lib/libcrypto.so.4
I find it's really as symlink
    /lib/libcrypto.so.4 -> libcrypto.so.0.9.7a
And if I
    rpm -qf /lib/libcrypto.so.0.9.7a
I find that's from openssl-0.9.7a-43.4.

So yes, nss_ldap *was* built with ssl support.

> Anybody using ldap + ssl on scilinux ?

I talked with a guy at SLAC who was using it on Red Hat Enterprise,
which is remarkably similar to Scientific Linux... I believe it was
working for him.

I note also that the "rpm -ql nss_ldap" above also has:

   /usr/share/doc/nss_ldap-226/README.TLS

(where TLS is the newer name for SSL...) which mentions that
hostnames in the ldap.conf file need to match up letter for letter
with (I assome the CN=... part of) certificates on servers.

Marc