Comment 5 for bug 257153

Thanks, for the info. Putting the missing cert in /etc/ssl/certs/ca-certificates.crt and adding:

TLS_CACERT /etc/ssl/certs/ca-certificates.crt

...to my ldap.conf fixed the connection problem for me. Any idea as to why my setup was working in Gutsy? Previously, I only had:

TLS_CACERTDIR /usr/share/ca-certificates/mozilla

in my ldap.conf and had no issues until upgrading to Hardy. Could it be that before only the CA cert was being checked and not the entire chain? The CA is Verisign and the cert is present in the /usr/share/ca-certificates/mozilla directory.

Also, is /etc/ssl/certs/ca-certificates.crt the place to put additional certs? Is this file ever auto-generated or overwritten by anything else?