On the topic of OpenLDAP, be careful when setting up LDAP and TLS using the GNU TLS library. Especially if you plan on using libpam-ldap libraries compiled with libgnutls7. The CA Certificate must be known by OpenLDAP clients or SSL connections will fail for anything compiled with libgnutls instead of OpenSSL. The line you need to add is either: TLS_CACERT <filename> or TLS_CADIR <directory> to the /etc/ldap/ldap.conf file. Do this, and you won't have the headaches I did. This is especially true of people using Debian sarge or sid. -- Chad Walstrom <chewie at wookimus.net> http://www.wookimus.net/ assert(expired(knowledge)); /* core dump */ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20030905/df22cb49/attachment.pgp