<html><body><div style="font-family: lucida console,sans-serif; font-size: 12pt; color: #000000"><div>Hello Daniel,<br></div><div>That explains a lot. Is ldap module compatible with SSSD ? <br></div><div><br></div><div>Slava.<br></div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Daniel-Constantin Mierla" <miconda@gmail.com><br><b>To: </b>"Kamailio (SER) - Users Mailing List" <sr-users@lists.sip-router.org><br><b>Sent: </b>Thursday, April 10, 2014 3:11:41 AM<br><b>Subject: </b>Re: [SR-Users] ldap SSL<br><div><br></div>Hello,<br> <br> the module in kamailio doesn't have an option for ca list. This should be a configuration option for ldap server to know which trusted CA to use. The ldap client library should have the option to set the certificate and key.<br> <br> Cheers,<br> Daniel<br> <br><div class="moz-cite-prefix">On 10/04/14 00:27, Slava Bendersky wrote:<br></div><blockquote cite="mid:1430766563.4523155.1397082421257.JavaMail.zimbra@skillsearch.ca"><div style="font-family: lucida console,sans-serif; font-size:
        12pt; color: #000000" data-mce-style="font-family: lucida console,sans-serif; font-size: 12pt; color: #000000;"><div>Hello Everyone,<br></div><div>Tried look through documentation and couldn't find anything about it ?<br></div><div>Any suggestions ?<br></div><div><br></div><div><br></div><div>Slava.<br></div><div><br></div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Slava Bendersky" <a class="moz-txt-link-rfc2396E" href="mailto:volga629@networklab.ca" target="_blank" data-mce-href="mailto:volga629@networklab.ca"><volga629@networklab.ca></a><br> <b>To: </b><a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org" target="_blank" data-mce-href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br> <b>Sent: </b>Monday, April 7, 2014 1:57:53 PM<br> <b>Subject: </b>[SR-Users] ldap SSL<br><div><br></div><div style="font-family: lucida console,sans-serif; font-size:
            12pt; color: #000000" data-mce-style="font-family: lucida console,sans-serif; font-size: 12pt; color: #000000;"><div>Hello Everyone,<br></div><div>How I can specify ldap CA cert in ldap configuration ?<br></div><div><br></div><div>The directive  ca_list  bellow is ignored.<br></div><div><br></div><div><br></div><div>[07/Apr/2014:13:40:37 -0400] conn=20 op=-1 fd=70 closed - Peer does not recognize and trust the CA that issued your certificate.<br> [07/Apr/2014:13:40:37 -0400] conn=22 op=-1 fd=64 closed - Encountered end of file.<br><div><br></div></div><div><br></div><div>Current config<br></div><div><br></div><div>ldap_server_url = <a class="moz-txt-link-rfc2396E" href="ldaps://ds389.network.com:636" target="_blank" data-mce-href="ldaps://ds389.network.com:636">"ldaps://ds389.network.com:636"</a><br> ldap_bind_dn = "uid=adm,ou=People,dc=network,dc=com"<br> ldap_bind_password = "password"<br> authtype = simple<br> tls = on<br> ca_list = /etc/kamailio/cert/ca-cert_ldap.pem<br><div><br></div></div></div><br> _______________________________________________<br> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br> <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org" target="_blank" data-mce-href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br> <a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank" data-mce-href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br></div><div><br></div></div><br><fieldset class="mimeAttachmentHeader"></fieldset><br><pre>_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org" target="_blank" data-mce-href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank" data-mce-href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre></blockquote><br><pre class="moz-signature">-- 
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com" target="_blank" data-mce-href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda" target="_blank" data-mce-href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda" target="_blank" data-mce-href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a><br data-mce-bogus="1"></pre><br>_______________________________________________<br>SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>sr-users@lists.sip-router.org<br>http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users<br></div><div><br></div></div></body></html>