On Tue, 13 Sep 2011, Adrian Hall wrote: > I'm totally with you on the SSL/TLS. I've been swearing at that > particular element for over two weeks now. Since there is no > slapd.conf any more, the method of introducing a certificate is not > logical, nor documented. Heh. To date, I've only setup CentOS 6 as an LDAP client. All my LDAP servers run CentOS 5. > I haven't looked into sssd. Since it isn't installed by default on > CentOS, why would that be a requirement? (not saying it isn't a > good thing, but I'd probably defer that to another document as with > the other elements you suggested) Concerning sssd, CentOS 6 kickstart will install and activate it if you specify installation of the "Directory Client" package group. Since that group looks like something that folks might want to install on LDAP clients, I suspect it'll be more widely deployed than you think. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/