Chris Hunter wrote:
> I had to build the nss_ldap-226-10 rpm package from source for tls to
> work. I downloaded the source rpm from rpm.pbone.net (couldn't find it
> at ftp.scientificlinux.org)
>
> Here is what I did to enable TLS with ldap:
>
> edit /etc/ldap.conf
>
> -comment line:
> host myldapserver:389
>
> -comment line:
> ssl start_tls
>
> -append lines:
> uri ldaps://myldapserver
> ssl on
>
> edit /etc/openldap/ldap.conf
> -append line (I have a self-signed cert):
> TLS_REQCERT allow
>
> nss_ldap package uses config file /etc/ldap.etc but openssl library
> looks at /etc/openldap/ldap.conf
>

Very strange..

On my RHEL4U2 / x86 box:

# ldd /lib/libnss_ldap*
/lib/libnss_ldap-2.3.4.so:
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00908000)
        libdl.so.2 => /lib/libdl.so.2 (0x00984000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0034d000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00e3a000)
        /lib/ld-linux.so.2 (0x006e1000)

On my SL42 / x86 box:

# ldd /lib/libnss_ldap-2.3.4.so
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00c3e000)
        libdl.so.2 => /lib/libdl.so.2 (0x009eb000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0082f000)
        libc.so.6 => /lib/tls/libc.so.6 (0x0058c000)
        /lib/ld-linux.so.2 (0x0046f000)

So, I did a strings on the shared object, and counted how many (if any)
references to TLS I could find.

# strings /lib/libnss_ldap-2.3.4.so | grep -i tls | wc -l

(both returned 77).

/scratches head

-Matt Cuttler
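
An added example, not part of the original thread or of either poster's setup: a shell function that audits ldap.conf-style files, such as the two edited in the quoted steps, for settings that accept an unverified server certificate. It runs on constructed samples of the quoted TLS_REQCERT allow line beside an explicit-trust alternative; the function name, the sample contents and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): audit ldap.conf-style files
# for settings that let an LDAP client accept an unverified server certificate.

audit_ldap_tls() {
    # $1 = config file. Prints one line per relevant setting, then "weak=N".
    awk '
    /^[ \t]*#/ || NF < 2 { next }             # skip comments, blanks, bare keywords
    {
        key = tolower($1); val = tolower($2)  # keywords are case-insensitive
        if (key == "tls_reqcert") {           # OpenLDAP client library option
            # never: no certificate requested; allow: a bad one is still accepted
            if (val == "never" || val == "allow") {
                weak++; printf "WEAK line %d: %s %s\n", NR, $1, $2
            } else {
                printf "OK   line %d: %s %s\n", NR, $1, $2
            }
        } else if (key == "tls_checkpeer") {  # nss_ldap / pam_ldap option
            if (val == "no" || val == "off" || val == "false") {
                weak++; printf "WEAK line %d: %s %s\n", NR, $1, $2
            } else {
                printf "OK   line %d: %s %s\n", NR, $1, $2
            }
        } else if (key == "tls_cacert" || key == "tls_cacertdir" || key == "tls_cacertfile") {
            ca = 1                            # a trust anchor is configured
        }
    }
    END {
        if (!ca) print "NOTE no CA certificate configured in this file"
        printf "weak=%d\n", weak
    }' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: the setting quoted in the thread.
printf 'TLS_REQCERT allow\n' > "$tmp/before.conf"
# Constructed sample: trust the self-signed certificate explicitly instead
# (the certificate path is an assumed placeholder).
printf 'TLS_CACERT /etc/openldap/cacerts/myldapserver.pem\nTLS_REQCERT demand\n' \
    > "$tmp/after.conf"
echo "== before =="; audit_ldap_tls "$tmp/before.conf"
echo "== after ==";  audit_ldap_tls "$tmp/after.conf"
rm -rf "$tmp"
```
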