SCIENTIFIC-LINUX-USERS Archives

January 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: ssl ldap on SL-5.2 x86_64
From:
Olf Epler <[log in to unmask]>
Reply To:
Olf Epler <[log in to unmask]>
Date:
Fri, 23 Jan 2009 12:30:17 +0100
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (39 lines) 
  Hello again,

maybe an other usefull information, before people ask me to
send other config files for ldap/slapd.
I can check my certifications with
openssl s_client -CAfile cacert.pem -connect ldap_server:636
without any problems.
The last line is:
Verify return code: 0 (ok)

  Regards, Olf Epler

> 
> At least two types of problems were reported with ldap use at about the 
> time that the updates for sl52 came out.
> 
> One was related to dbus not being listed as an ignoregroups option and so 
> systems would hang during dbus startup.
> 
> Another was related to changes in nss_ldap which changes how the 
> ldap.conf was being parsed - so previously working configs stopped - and 
> most of the reported problems were with people using ssl.  That may have 
> been related to the port option in the config (or might not).
> 
> Using "ldap://<server>" and "ssl tls_start" may work depending on whether 
> your ldap server allows starttls.
> 
> If you include a copy of your /etc/ldap.conf (and perhaps the ldap server 
> config) it may all be obvious to those who had the problems last year...
> 

----------------------------------------------------------
Olf Epler                          phone: +49 30 2093-7804
Humboldt University Berlin           fax: +49 30 2093-7642
Department of Physics
Newtonstr. 15
12489 Berlin              email: [log in to unmask]
----------------------------------------------------------

ATOM RSS1 RSS2