New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nsslapd-extract-pemfiles should be enabled by default as openldap is moving to openssl #2619
Comments
Comment from tbordaz (@tbordaz) at 2018-02-06 19:37:05 Metadata Update from @tbordaz:
|
Comment from tbordaz (@tbordaz) at 2018-02-06 19:37:20 Metadata Update from @tbordaz:
|
Comment from tbordaz (@tbordaz) at 2018-02-06 19:53:02 |
Comment from mhonek (@kenoh) at 2018-02-06 21:39:44 Patch looks good to me. ACK+ |
Comment from mhonek (@kenoh) at 2018-02-06 21:53:43 Metadata Update from @kenoh:
|
Comment from mreynolds (@mreynolds389) at 2018-02-07 00:38:58 |
Comment from spichugi (@droideck) at 2018-03-07 09:40:42 commit 73638d6 |
Comment from mhonek (@kenoh) at 2019-02-19 16:09:26 Metadata Update from @kenoh:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49560
Issue Description
Due to a change in the OpenLDAP client libraries (switching from NSS to OpenSSL), the TLS options LDAP_OPT_X_TLS_CACERTFILE, LDAP_OPT_X_TLS_KEYFILE, LDAP_OPT_X_TLS_CERTFILE, need to specify path to PEM files.
Those PEM files are extracted from the key/certs from the NSS db in /etc/dirsrv/slapd-xxx
Those files are extracted if the option (under 'cn=config') nsslapd-extract-pemfiles is set to 'on'.
The default value is 'off', that prevent secure outgoing connection.
Package Version and Platform
1.3.7
Steps to reproduce
see related BZ
Actual results
Expected results
The text was updated successfully, but these errors were encountered: