Re: TLS configuration needs client certification (why?)

On Sunday 26 August 2007 20:16:14 Frank Cornelissen wrote:

No, that didn't work. The problem is a bad interaction with libnss_ldap and slapd, that share the same ldap connection context (same process). libnss-ldap does (rightfully) want to check the certificate of the server, and sets this option when it is activated. That happens after the slapd.conf is read. My solution for now is to run slapd in a chroot jail which does not reference nss-ldap, so this problem does not occur.

The other workaround for problems like this is to use nscd ...