Date: Fri, 23 Jan 2009 13:26:22 +0000
On Fri, 23 Jan 2009, Olf Epler wrote:
> Hello,
>
> following the related parts of slapd.conf:
>
> TLSCACertificateFile /usr/etc/openldap/CA/cacert.pem
> TLSCertificateFile /usr/etc/openldap/CA/sacert.pem
> TLSCertificateKeyFile /usr/etc/openldap/CA/sackey.pem
>
> The server runs as follows:
>
> /usr/libexec/slapd -u ldap -h ldap:/// ldaps:///
>
> Normally the port 389 (ldap:///) is closed.
>
> and ldap.conf:
>
> base dc=organization,dc=com
> uri ldaps://ldap_server.organizatiom.com
> sizelimit 0
> bind_policy soft
> tls_cacert /usr/etc/openldap/CA/cacert.pem
> tls_checkpeer yes
>
> -> new
> ssl yes
>
> The file cacert.pem is a self signed certificate I created
> together with sacert.pem and the key file sakey.pem.
>
> As I already wrote - exactly the same configuration works without
> any problems on different installations including SL-5.1.
> Therefore it's not clear to me why I now have to set the port option,
> because I use uri!
>
> Regards, Olf Epler

The case I was thinking of was that in the changelog of nss_ldap it
mentioned that 'port' in the ldap.conf was previously being ignored, so a
config mentioning it might work and then stop after the upgrade (from 5.1
to 5.2, say).

If you don't have port mentioned then it seems unlikely that is the issue.

Can you tell if the client is actually trying to connect to the ldap
server - and if so check that it is doing so on the right address/port?

-- Jon
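Jon's closing question is the one to settle first: which address and port is the client really aiming at, and does the server's chain verify against the CA it trusts? The script below is an added example, not code from this thread or from nss_ldap/OpenLDAP. It derives the endpoint from an ldap.conf using precedence rules that are an assumption about common nss_ldap/OpenLDAP client behaviour (uri beats host/port; ldaps:// defaults to 636; `ssl yes` forces LDAPS on whatever port is configured), which is exactly how a file carrying both `port 389` and `ssl yes` breaks once `port` is no longer ignored. It then probes the endpoint with openssl s_client and ldapsearch, and shows how to watch nss_ldap's own connect() calls. The hostnames (ldap_server.example.com, dir.example.com) and config fragments are constructed, and -verify_return_error assumes OpenSSL 1.0.0 or later.

```shell
#!/bin/sh
# Added example, not part of the thread: work out which address/port/TLS mode
# an nss_ldap-style ldap.conf will make the client use, then probe that
# endpoint. The precedence rules encoded in ldap_endpoint are assumptions that
# match common nss_ldap / OpenLDAP client behaviour; confirm them against the
# nss_ldap version actually installed.

# ldap_endpoint FILE   (FILE may be "-" for stdin)
# Prints: HOST PORT MODE   where MODE is ldaps, starttls or none.
#   - a `uri` line wins over host/port (only the first URI is considered)
#   - ldaps:// without an explicit port means 636, ldap:// means 389
#   - without `uri`: `ssl yes` means ldaps on `port` (default 636),
#     `ssl start_tls` means starttls on `port` (default 389), else plain 389
ldap_endpoint() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        key = tolower($1); val = $2              # keys are case-insensitive
        if (key == "uri"  && !("uri"  in c)) c["uri"]  = val
        else if (key == "host" && !("host" in c)) c["host"] = val
        else if (key == "port" && !("port" in c)) c["port"] = val
        else if (key == "ssl"  && !("ssl"  in c)) c["ssl"]  = tolower(val)
    }
    END {
        if ("uri" in c) {
            u = c["uri"]
            scheme = u; sub(/:.*/, "", scheme); scheme = tolower(scheme)
            rest = u; sub(/^[^:]*:\/\//, "", rest); sub(/\/.*/, "", rest)
            host = rest; port = ""
            if (rest ~ /:[0-9]+$/) {             # explicit host:port in the URI
                port = rest; sub(/.*:/, "", port)
                sub(/:[0-9]+$/, "", host)
            }
            if (scheme == "ldaps") { mode = "ldaps"; if (port == "") port = 636 }
            else { mode = (c["ssl"] == "start_tls") ? "starttls" : "none"; if (port == "") port = 389 }
        } else {
            host = ("host" in c) ? c["host"] : "localhost"
            if (c["ssl"] == "yes")            { mode = "ldaps";    port = ("port" in c) ? c["port"] : 636 }
            else if (c["ssl"] == "start_tls") { mode = "starttls"; port = ("port" in c) ? c["port"] : 389 }
            else                              { mode = "none";     port = ("port" in c) ? c["port"] : 389 }
        }
        print host, port, mode
    }' "$1"
}

# ldaps_probe HOST PORT CAFILE
# Returns 0 only if the TCP connect, the TLS handshake and chain verification
# against CAFILE all succeed (-verify_return_error needs OpenSSL 1.0.0+).
ldaps_probe() {
    openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# ldap_search_probe URI BASE CAFILE
# Anonymous base-scope search with -d 1 so libldap prints the address and port
# it actually connects to. ldapsearch reads the OpenLDAP client ldap.conf, not
# the nss_ldap one, so the CA file and peer-check policy are passed explicitly.
ldap_search_probe() {
    LDAPTLS_CACERT=$3 LDAPTLS_REQCERT=demand \
        ldapsearch -H "$1" -x -b "$2" -s base -d 1 '(objectClass=*)' 1.1
}

# nss_probe USER
# Drives a lookup through nss_ldap itself and shows every connect() it makes,
# which answers "is the client trying, and to which address/port" directly.
nss_probe() {
    strace -f -e trace=connect getent passwd "$1"
}

# Constructed configs (not from the thread). The first mirrors the quoted
# ldap.conf; the second is the host/port/ssl form that breaks once `port`
# is honoured: LDAPS is attempted against the plaintext port 389.
CONF_URI='base dc=organization,dc=com
uri ldaps://ldap_server.example.com
tls_cacert /usr/etc/openldap/CA/cacert.pem
tls_checkpeer yes
ssl yes'
CONF_HOSTPORT='host ldap_server.example.com
port 389
ssl yes'

printf '%s\n' "$CONF_URI"      | ldap_endpoint -   # ldap_server.example.com 636 ldaps
printf '%s\n' "$CONF_HOSTPORT" | ldap_endpoint -   # ldap_server.example.com 389 ldaps
```

To probe a real server, take the host and port printed by ldap_endpoint and run `ldaps_probe HOST PORT /usr/etc/openldap/CA/cacert.pem`; a non-zero exit with nothing listening means the client is pointed at the wrong port, while a non-zero exit after a handshake starts usually means the chain does not verify against that CA file. A successful ldap_search_probe only shows the server side is healthy; nss_probe is what tells you which address and port nss_ldap itself is connecting to.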