On 6/3/20 8:35 PM, Dale Thompson - NOAA Federal wrote:
> I'm not certain the hack Red Hat added to force OpenLDAP to use NSS actually causes OpenLDAP to use the NSS cert store. My RHEL 6 OpenLDAP servers appear to just use the PEM certs they would have used as if Red Hat never messed with forcing OpenLDAP to use NSS, but rather left it at OpenSSL. I did check, and slapd is linked against the NSS libs, but it is using the PEM file in /etc/openldap/cacerts.
I vaguely remember that they have implemented a PKCS#11 module for using PEM files as a key store with libnss.
Ciao, Michael.
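One way to settle the question Dale raises (is a given slapd using an NSS certificate database or plain PEM files?) is to look at what the TLS directives actually point to, since a libnss-linked OpenLDAP can be fed either. The script below is an added example, not something from this thread or from Red Hat's packaging: it reads `TLS_CACERT` / `TLS_CACERTDIR` from an ldap.conf-style file and classifies the target as an NSS database (directory containing cert8.db/key3.db or cert9.db/key4.db, optionally given with an NSS `dbm:`/`sql:` prefix), a PEM file, or a directory of PEM files. The directive names and the NSS database file names are standard; the `slapd_tls_libs` helper and the exact classification labels are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread): find out whether an
# OpenLDAP configuration points at an NSS cert database or at PEM material.
#
# Assumptions, for this example:
#   - an NSS database directory contains cert8.db/key3.db (dbm) or
#     cert9.db/key4.db (sql); NSS also accepts "dbm:/path" and "sql:/path"
#   - anything else that holds "BEGIN CERTIFICATE" is treated as PEM

# Print the value of one TLS_* directive from a config file (first match).
# $1 = config file, $2 = directive name, e.g. TLS_CACERTDIR
tls_directive() {
    awk -v key="$2" 'toupper($1) == key { print $2; exit }' "$1"
}

# Classify a configured path: nss-db, pem-file, pem-dir, empty-dir,
# unknown-file, or missing.
classify_store() {
    path=$1
    case "$path" in
        dbm:*|sql:*) path=${path#*:} ;;   # strip NSS database-type prefix
    esac
    if [ -f "$path" ]; then
        if grep -q 'BEGIN CERTIFICATE' "$path"; then
            echo pem-file
        else
            echo unknown-file
        fi
    elif [ -d "$path" ]; then
        if [ -f "$path/cert8.db" ] || [ -f "$path/cert9.db" ]; then
            echo nss-db
        elif ls "$path"/*.pem >/dev/null 2>&1 || ls "$path"/*.crt >/dev/null 2>&1; then
            echo pem-dir
        else
            echo empty-dir
        fi
    else
        echo missing
    fi
}

# Report what the TLS_CACERT / TLS_CACERTDIR directives of $1 resolve to.
report_store() {
    conf=$1
    [ -f "$conf" ] || { echo "no such config: $conf"; return 0; }
    cacert=$(tls_directive "$conf" TLS_CACERT)
    cacertdir=$(tls_directive "$conf" TLS_CACERTDIR)
    [ -n "$cacert" ]    && echo "TLS_CACERT    $cacert -> $(classify_store "$cacert")"
    [ -n "$cacertdir" ] && echo "TLS_CACERTDIR $cacertdir -> $(classify_store "$cacertdir")"
    return 0
}

# Which TLS libraries the installed slapd is linked against (hypothetical
# helper; only runs where slapd and ldd exist).
slapd_tls_libs() {
    bin=$(command -v slapd 2>/dev/null) || { echo "slapd not found"; return 0; }
    ldd "$bin" | grep -E 'libnss3|libssl3|libssl\.so|libgnutls' || echo "no TLS library found in ldd output"
    return 0
}

# Stand-alone use: inspect the system client config if it exists.
if [ -f /etc/openldap/ldap.conf ]; then
    report_store /etc/openldap/ldap.conf
    slapd_tls_libs
fi
```

On a running server, pairing this with `lsof -p "$(pidof slapd)"` shows which of the two stores slapd has actually opened, which is the most direct answer to whether the NSS database is in use or the PEM file is being loaded (for instance through the PEM PKCS#11 module Michael mentions).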