Bug#277767: [Pkg-shadow-devel] Bug#277767: Progress on this bug report?

Greg Matthews gmatt at nerc.ac.uk
Mon Mar 6 09:55:23 UTC 2006

On Mon, 2006-03-06 at 00:43 +0200, Alexander Gattin wrote:
> I first heard about TLS_CACERTDIR from you. What is it
> usually used for? Having different CA trusted by user
> gathered in one place?

yes, you can have a number of different CA certs depending on what you
are connecting to. Dropping them into a directory means the ldap tools
will be able to use them (after the symbolic links have been set up).

> It looks like bug is in libnss-ldap, or libpam-ldap,
> not in su, but this has to be proven first.


> OK, so you don't use samba schemas, neither do smbldap-*
> tools...

samba integration is on my todo list.

> BTW, what tools do you use for user/group account
> maintenance? ldapscripts?

i use some perl scripts that are based on some code I found on the web
and then heavily modified. Its not great but it works. Really only
useful for adding and deleting, modifications are best done via a
browser/editor like GQ or JXplorer (GQ is best but development is
stalled, JXplorer is Java and works cross-platform) or one of the web
browser based utils.


> P.S. thanks for your help, Greg.
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

More information about the Pkg-shadow-devel mailing list