[MacTUG] SSL and LDAP in Leopard
Marlon A. Griffith
m3griffi at engmail.uwaterloo.ca
Mon Dec 10 09:33:33 EST 2007
Be careful what you wish for, you just might get it...
Starting with Leopard the OS X LDAP client is much more restrictive
about which SSL certificates it trusts. It will adamantly refuse to
use any cert you have explicity told it is ok. Technically this is a
deeper issue with anything using OpenSSL, but chances are you'll
notice it first, and hardest, with LDAP.
Making this even more complicated is the idea that the new behavior
is more secure than the old 10.4 behavior, so it's rather hard to get
too angry about the change. However, things not working makes an
admin cranky regardless of the bigger picture.
Read on for how to troubleshoot this and then how to work with it or around it.
http://www.afp548.com/article.php?story=20071203011158936
More information about the MacTUG
mailing list