On Sun, 2012-02-05 at 09:43 -0700, Chris Jacobs wrote:
> Yes: Specify your cacert file in openldap's ldap.conf file (NOT PADL's in /etc/): typically /etc/openldap/ldap.conf or perhaps /usr/local/openldap/etc/openldap/ldap.conf.

That's it. Thank you!

> If the cert is signed by a real CA then your system's cacert bundle needs updating.

It's self-signed. And (I *think*) things are working.

> And use openssl vs mozilla's ssl - my understanding is that it doesn't quite work right; especially when building openldap.

I'm using Fedora's binaries; and they're built against NSS these days.

Braden
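
An added example, not part of the thread: a small shell audit of an OpenLDAP client ldap.conf that checks whether TLS_CACERT points at a readable PEM file and whether TLS_REQCERT has been weakened to never or allow. The function names, verdict strings and sample files are constructed for illustration, and the check assumes trust is configured through TLS_CACERT only (it ignores TLS_CACERTDIR and per-user overrides).

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenLDAP client ldap.conf.

# Print the last value given for option $2 in file $1. Option names are
# matched case-insensitively; lines starting with '#' are comments.
ldapconf_get() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(opt) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# Print one verdict for the ldap.conf at $1.
audit_ldapconf() {
    conf=$1
    [ -r "$conf" ] || { echo "missing-conf"; return 0; }
    reqcert=$(ldapconf_get "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    cacert=$(ldapconf_get "$conf" TLS_CACERT)
    case "$reqcert" in
        never|allow) echo "weak-reqcert"; return 0 ;;  # server cert not enforced
    esac
    [ -n "$cacert" ] || { echo "no-cacert"; return 0; }
    [ -r "$cacert" ] || { echo "cacert-unreadable"; return 0; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert" \
        || { echo "cacert-not-pem"; return 0; }
    echo "ok"
}

# Write constructed sample files into directory $1 (placeholder PEM body).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/ca.pem"
    printf '# good\nURI ldaps://ldap.example.test\ntls_cacert %s/ca.pem\n' "$1" > "$1/good.conf"
    printf 'TLS_CACERT %s/ca.pem\nTLS_REQCERT never\n' "$1" > "$1/weak.conf"
    printf 'URI ldaps://ldap.example.test\n' > "$1/nocacert.conf"
    printf 'TLS_CACERT %s/absent.pem\n' "$1" > "$1/dangling.conf"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in good weak nocacert dangling; do
    printf '%s: %s\n' "$f.conf" "$(audit_ldapconf "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

Run it against the OpenLDAP client file named in the thread (for example `audit_ldapconf /etc/openldap/ldap.conf`), not the PADL file in /etc/.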