Ubuntu client ldap for implicitly trusted servers

Discussion in 'Linux & BSD' started by LordOfLA, Nov 28, 2012.

  1. LordOfLA

    On Ubuntu clients (certainly 12.04/12.10) for some daft reason they linked ldap-utils against GnuTLS and linked that against a broken crypto backend due to GPL issues.

    If you trust the server you are talking to implicitly then make /etc/ldap/ldap.conf look like this:

    Code:
    #
    # LDAP Defaults
    #
    
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    
    #BASE   dc=example,dc=com
    #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
    
    #SIZELIMIT      12
    #TIMELIMIT      15
    #DEREF          never
    
    # TLS certificates (needed for GnuTLS)
    # TLS_CACERT    /etc/ssl/certs/ca-certificates.crt
    TLS_REQCERT allow
    TLS_CRLCHECK none
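
An added example, not part of the original post: a small auditor that reads ldap.conf text and reports settings that relax server certificate checking, using the levels documented in ldap.conf(5). The function names and the sample text (constructed from the post's file) are assumptions of this example.

```python
# Added example: audit ldap.conf text for weakened TLS server verification.
# Levels follow ldap.conf(5); TLS_REQCERT defaults to "demand" when unset.
WEAK_REQCERT = {
    "never": "server certificate is not requested at all",
    "allow": "a missing or invalid server certificate is ignored",
}

def parse_options(text):
    """Yield (lineno, NAME, value) for each active option line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        parts = line.split(None, 1)
        name = parts[0].upper()  # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        yield lineno, name, value

def audit(text):
    """Return a list of (lineno, option, finding); lineno 0 means file-level."""
    findings, seen = [], set()
    for lineno, name, value in parse_options(text):
        seen.add(name)
        level = value.lower()
        if name == "TLS_REQCERT" and level in WEAK_REQCERT:
            findings.append((lineno, name, f"{level}: {WEAK_REQCERT[level]}"))
        elif name == "TLS_CRLCHECK" and level == "none":
            findings.append((lineno, name, "none: revocation lists are not checked"))
    if not seen & {"TLS_CACERT", "TLS_CACERTDIR"}:
        findings.append((0, "TLS_CACERT", "no CA bundle configured in this file"))
    return findings

# Constructed sample: the TLS section of the file shown in the post.
SAMPLE = """\
# TLS certificates (needed for GnuTLS)
# TLS_CACERT    /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
TLS_CRLCHECK none
"""

if __name__ == "__main__":
    for lineno, option, finding in audit(SAMPLE):
        where = f"line {lineno}" if lineno else "file"
        print(f"{where}: {option} {finding}")
```

A file that sets TLS_CACERT and leaves TLS_REQCERT at demand produces no findings.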