Hi,

On Tue, Aug 18, 2009 at 12:50, Eric B.<ebenze at hotmail.com> wrote:
> Any suggestions / ideas?

I believe you have to copy the certificate to /etc/openldap/cacerts/ in the LDAP client. The certificate file name there is special, it should be hashed from the certificate data... I believe the easiest way to install it there is using the "authconfig" command and specifying the certificate URL.

You should also have

TLS_CACERTDIR /etc/openldap/cacerts

in /etc/openldap/ldap.conf (not only /etc/ldap.conf, they are different!)

I also did not have much luck with self-signed certificates with LDAP, I had to create a self-signed certificate for a "dummy" CA, and then use that certificate to sign a certificate for the LDAP server with the server's name as a cn.

I believe you should be able to test it using "ldapsearch" with the "-Z" and "-ZZ" options in order to require TLS and see if that works.

I suggest you first get that part working fine before going on with your libuser configuration... LDAP with TLS is kind of a pain to set up... but once it is running it really works OK.

HTH,
Filipe
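
Added example, not part of the original message: the dummy-CA and hashed-filename steps described above, done with the openssl command line in a scratch directory so the chain can be checked before touching the LDAP client. The function names and the host name ldap.example.test are placeholders chosen for this sketch.

```shell
#!/bin/sh
# Constructed walk-through; all files live in a scratch directory.
# Function names and ldap.example.test are placeholders, not from the thread.

# $1 = work dir, $2 = LDAP server name (becomes the server certificate's cn)
make_dummy_ca_and_server_cert() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Dummy LDAP CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed certificate for the "dummy" CA.
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  # Server key and CSR, then the server certificate signed by the dummy CA.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -out "$1/server.pem" 2>/dev/null
}

# $1 = CA certificate, $2 = cacerts directory. The file name must be the
# certificate's subject hash plus ".0"; prints the name it installed.
install_ca_hashed() {
  hashed="$(openssl x509 -hash -noout -in "$1").0"
  cp "$1" "$2/$hashed" && echo "$hashed"
}

# $1 = server certificate, $2 = cacerts directory. Succeeds only if the
# server certificate chains to a CA found by hash lookup in that directory.
chains_to_cacertdir() {
  openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# On the real client the directory is /etc/openldap/cacerts, referenced by
#   TLS_CACERTDIR /etc/openldap/cacerts
# in /etc/openldap/ldap.conf. Then require TLS with -ZZ, for example:
#   ldapsearch -x -ZZ -H ldap://ldap.example.test -b "" -s base
```

If `chains_to_cacertdir` fails against the directory the client uses, `ldapsearch -ZZ` will fail certificate verification for the same reason, so this isolates file-naming problems from LDAP configuration problems.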