Chris Hunter wrote:
> I had to build the nss_ldap-226-10 rpm package from source for tls to
> work. I downloaded the source rpm from rpm.pbone.net (couldn't find it
> at ftp.scientificlinux.org)
>
> Here is what I did to enable TLS with ldap:
>
> edit /etc/ldap.conf
>
> -comment line:
> host myldapserver:389
>
> -comment line:
> ssl start_tls
>
> -append lines:
> uri ldaps://myldapserver
> ssl on
>
> edit /etc/openldap/ldap.conf
> -append line (I have a self-signed cert):
> TLS_REQCERT  allow
>
> nss_ldap package uses config file /etc/ldap.etc but openssl library
> looks at /etc/openldap/ldap.conf
>
Very strange..


On my RHEL4U2 / x86 box:
# ldd /lib/libnss_ldap*
/lib/libnss_ldap-2.3.4.so:
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00908000)
        libdl.so.2 => /lib/libdl.so.2 (0x00984000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0034d000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00e3a000)
        /lib/ld-linux.so.2 (0x006e1000)

On my SL42 / x86 box:
# ldd /lib/libnss_ldap-2.3.4.so
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00c3e000)
        libdl.so.2 => /lib/libdl.so.2 (0x009eb000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0082f000)
        libc.so.6 => /lib/tls/libc.so.6 (0x0058c000)
        /lib/ld-linux.so.2 (0x0046f000)


So, I did a strings on the shared object, and counted how many (if any)
references to TLS I could find.
# strings /lib/libnss_ldap-2.3.4.so | grep -i tls | wc -l
(both returned 77).

/scratches head

-Matt Cuttler
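
An audit of the directives quoted in this thread, as an added example that is not part of either poster's message: it reads an nss_ldap or OpenLDAP ldap.conf and flags settings under which the server certificate is not enforced (per ldap.conf(5), `TLS_REQCERT allow` lets the session proceed even when the certificate is bad). The function name `audit_ldap_tls` and the combined sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the TLS directives discussed above.
# Works on either file: nss_ldap's /etc/ldap.conf or /etc/openldap/ldap.conf.

# audit_ldap_tls FILE  (hypothetical helper name)
# Prints one "LEVEL: message" line per finding.
# Exit status: 0 = no WEAK finding, 1 = at least one WEAK, 2 = unreadable file.
audit_ldap_tls() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = tolower($1); val = tolower($2) }
        key == "ssl" {                         # nss_ldap: on | start_tls | off
            if (val == "on" || val == "start_tls") { print "OK: ssl " val }
            else { print "WEAK: ssl " val " (no transport encryption)"; weak = 1 }
        }
        key == "tls_reqcert" {                 # OpenLDAP client library
            # never/allow: the session continues even if the certificate is bad
            if (val == "never" || val == "allow") {
                print "WEAK: TLS_REQCERT " val " (server certificate not enforced)"
                weak = 1; unverified = 1
            } else { print "OK: TLS_REQCERT " val }
        }
        key == "tls_checkpeer" {               # nss_ldap: yes | no
            if (val == "no") { print "WEAK: tls_checkpeer no"; weak = 1; unverified = 1 }
            else { print "OK: tls_checkpeer " val }
        }
        key ~ /^tls_cacert(file|dir)?$/ { ca = 1 }
        END {
            # A self-signed cert can be trusted explicitly instead of skipping checks
            if (unverified && !ca)
                print "HINT: point TLS_CACERT / tls_cacertfile at the self-signed cert"
            exit weak + 0
        }
    ' "$1"
}

# Constructed sample combining the settings quoted in the thread into one file.
demo=$(mktemp)
printf '%s\n' '#host myldapserver:389' '#ssl start_tls' \
    'uri ldaps://myldapserver' 'ssl on' 'TLS_REQCERT  allow' > "$demo"
audit_ldap_tls "$demo" || echo "exit status: $?"
rm -f "$demo"
```

Run it against both /etc/ldap.conf and /etc/openldap/ldap.conf, since the thread notes the two files are read by different components.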