Hi Wolfgang, On Mi 10 Jul 2019 19:49:01 CEST, Wolfgang Schweer wrote:
Imo the fetch-ldap-cert script should be changed in any case like this to get the certificate into the LTSP chroot:
[...]
I don't see a reason for updating the LDAP cert in the chroot on every boot of the ltspserver, either.
If the file exists in the chroot, then fine. Otherwise, (and only then) retrieve it from TJENER (aka ldap.intern).
Furthermore, we should not forget discussing the issue about deploying the rootCA instead of the LDAP server cert. What do you think about that?
Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpz6WUQoP2kn.pgp
Description: Digitale PGP-Signatur