lists.arthurdejong.org
RSS feed

Re: TLS_CACERT option in nslcd.conf

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: TLS_CACERT option in nslcd.conf



On Sat, 2014-06-07 at 18:19 +0530, Murukesh Mohanan wrote:
> I don't think nslcd uses values from /etc/ldap/ldap.conf
> or /etc/ldap.conf, or the LDAP environment variables.

It is correct that nslcd ignores various other LDAP configuration files
and environment variables, otherwise you could be left with very
difficult to debug configuration problems.

> And I don't think it uses a default value (I have added my CA cert to
> the usual location in Ubuntu:
> /etc/ssl/certs/ca-certificates.crt). Perhaps you could add a debconf
> setting? It's a feature request but hopefully a light one.

The debconf configuration only includes some basic configuration for
setting up nslcd. Adding an option for configuring tls_cacertfile isn't
that difficult but testing the debconf interaction is quite some work
(especially in combination with preseeding) and it requires coordination
with translators.

In any case, the best way to do this is just to install a nslcd.conf
file before the installation of the package. This should be handled
correctly by nslcd's installation scripts.

Can you file a bug report for this in either de Debian BTS or Launchpad?

Thanks,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/