[sudo-users] Sudo LDAP+TLS in 1.7.2
Tony G.
tonysk8 at gmail.com
Tue Sep 21 12:21:33 EDT 2010
I got only a cert, a key and the ca:
ls -l /etc/openldap/cacerts/
-rw-r--r-- 1 root root 834 Jul 30 19:40 ca.pem
-rw-r--r-- 1 root root 887 Jul 30 19:40 cert.pem
-rw-r--r-- 1 root root 887 Jul 30 19:40 key.pem
Probably I should open a bug.
On Tue, Sep 21, 2010 at 11:18 AM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> In message <AANLkTimPZ7fsRE-Ob04mTy3+7H5JKa5ndF6pCseMMc2z at mail.gmail.com>
> so spake "Tony G." (tonysk8):
>
> > Looks like this version (1.7.2) ignores my line:
> > tls_cacertdir /etc/openldap/cacerts
>
> Strange, it looks like it is being parsed OK. I don't know why
> openldap (or openssl) would not be using it unless there are multiple
> CA files in the directory with conflicting data.
>
> > I needed to add:
> > *tls_cacertfile* /etc/openldap/cacerts/ca.pem
>
> Whoops, I meant to change that to tls_cacertfile before I sent it.
>
> - todd
>
--
Tony
http://blog.tonyskapunk.net
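
Added example, not part of the original thread: a check for the symptom discussed above. It assumes the LDAP client library is OpenLDAP linked against OpenSSL, which finds CAs in a tls_cacertdir directory by subject-hash file names (eight hex digits, a dot and a number, as created by c_rehash) rather than by names like ca.pem. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: report whether the CA settings in an ldap.conf-style file
# are usable by an OpenSSL-based LDAP client. All function names are
# hypothetical; run as: sh check_ca.sh /etc/ldap.conf

# Print the value of a keyword (matched case-insensitively) from the file.
conf_value() {   # $1 = file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Succeed if the directory holds at least one entry named the way OpenSSL's
# hashed-directory lookup expects: eight hex digits, a dot, then a digit.
has_hashed_entries() {   # $1 = directory
    for f in "$1"/*; do
        [ -e "$f" ] || continue      # skip unmatched glob and dangling links
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                return 0 ;;
        esac
    done
    return 1
}

# Print one finding per setting; succeed if at least one CA source is usable.
check_ca_settings() {   # $1 = path to ldap.conf
    dir=$(conf_value "$1" tls_cacertdir)
    file=$(conf_value "$1" tls_cacertfile)
    status=1
    if [ -n "$file" ]; then
        if [ -r "$file" ]; then echo "tls_cacertfile ok: $file"; status=0
        else echo "tls_cacertfile unreadable: $file"; fi
    fi
    if [ -n "$dir" ]; then
        if has_hashed_entries "$dir"; then echo "tls_cacertdir ok: $dir"; status=0
        else echo "tls_cacertdir has no hash-named entries: $dir"; fi
    fi
    [ -n "$dir$file" ] || echo "no CA configured"
    return $status
}

# Only act when a config path is given on the command line.
[ $# -eq 0 ] || check_ca_settings "$1"
```

A directory like the one listed above, holding only ca.pem, cert.pem and key.pem, is reported as having no hash-named entries.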