Fix for Fedora Linux Core 2 LDAP authentication problem

Just few minutes after posting to Fedora mailing, I’ve managed to find the solution to my problem with LDAP authentication in Fedora Linux Core 2. Murphy’s law in action. :)

It seems that there was an undocumented change in default behavior. File /etc/ldap.conf (provided by nss_ldap) says:

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
# tls_checkpeer yes

A simple change to:

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
tls_checkpeer no

fixes the problem.

Leave a Comment