Hi,

* Correct me if I am wrong.

* In web browser, if I go to a SSL site, I need to install a CA from the SSL site, so the web browser trusts it.

* I assume my ubuntu box is working the same way.

* That is if I need to do ldap bind or search, I need to install the CA and put it in /etc/ldap/ldap.conf

* It works well, if I only have 1 CA in ldap.conf.

* If I put 2 CAs in ldap.conf, only the last one will work. e.g.

BASE dc=a,dc=b,dc=c,dc=d
URI ldaps://somesite.com
TLS_REQCERT demand
TLS_CACERT /etc/ssl/certs/1.cert

BASE ou=e,o=f
URI ldaps://somesite1.com
TLS_REQCERT demand
TLS_CACERT /etc/ssl/certs/2.cert

I need to know how to put 2 CAs in ldap.conf