I know this forum is about sssd, but I am working with a customer that cannot run sssd due to a configuration issue on their ldap servers. I didn’t know where else to ask this question other than to raise a formal elevation which I can do if so requested or this is found to be a bug.

 

This customer has opted to use nslcd over encrypted links. In testing this configuration I noticed two oddities. These two lines are required in nslcd.conf to get the encryption started:

 

ssl start_tls
ssl on

 

I was always under the impression that if you use ssl, you shouldn’t use or start TLS and vice versa, if TLS has been started, then don’t start ssl. Am I misinterpreting what is being enabled with these two options?

 

What is even stranger is that they are position-dependent. The start_tls line must come before the ssl on line, otherwise the encryption will not start correctly and the connections will fail.

 

To my knowledge this seems to be the only position-dependent option I have run into so far.

 

Was this intended?

 

Al Licause
HP L2 UNIX Network Services
HP Customer Support Center
Hours 7am-3pm Pacific time USA
Manager: tom.cernilli@hp.com