Date: Thu, 22 May 2008 21:17:31 +0200
Content-Type: multipart/signed
Zhi-Wei Lu wrote:
> 2. Turn on ssl and add the nss_initgroups_ignoreusers line, the message
> bus was fine and system rebooted, but ldap query is still not working
> via ldaps, therefore, the latest nss_ldap-253-12 breaks something.

Instead of "ldaps" (as in LDAP over SSL), we use starttls (plaintext
connection that is converted to SSL after a while) -- our LDAP servers
are configured in such a way that they won't talk to you unless you
access them over a secure channel. I've tried changing the settings to
ldaps (and indeed the machines talked to slapd at port 636), but saw no
difference.

Anyway, a dump of the configuration that *works* for me with recent nss_ldap
on a 32-bit SL5 box is at http://dev.gentoo.org/~jkt/ldap/sl5/ , perhaps
you can spot a difference against your setup.

These are the packages I use (and whose version might matter here):
openldap-clients-2.3.27-8.el5_1.3.i386
openssl-0.9.8b-8.3.el5_0.2.i686
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386
nss_db-2.2-35.3.i386
openssh-4.3p2-42.sl5.i386
nss-3.11.7-1.3.el5.i386
openldap-2.3.27-8.el5_1.3.i386
pam-0.99.6.2-3.26.el5.i386
openssh-server-4.3p2-42.sl5.i386
nss-tools-3.11.7-1.3.el5.i386
nss_ldap-253-12.el5.i386

Cheers,
-jkt
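
An added example, not part of the original message or of the configuration linked in it: a small checker that classifies an nss_ldap-style ldap.conf as ldaps, StartTLS or plaintext, the distinction drawn in the reply above, and lists transport-security findings. The sample configurations, hostnames and paths are constructed placeholders, and the finding texts are this example's own wording.

```python
# Constructed sample ldap.conf contents; hostnames and paths are placeholders.
STARTTLS_CONF = """\
uri ldap://ldap.example.org/
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/pki/tls/certs/ca.pem
nss_initgroups_ignoreusers root,ldap
"""
LDAPS_CONF = "uri ldaps://ldap.example.org/\nssl on\n"
PLAIN_CONF = "host ldap.example.org\n# ssl start_tls\n"


def parse(text):
    """Return {keyword: value}; keywords lower-cased, comments skipped."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def transport(opts):
    """Classify the channel: 'ldaps', 'starttls' or 'plaintext'."""
    ssl = opts.get("ssl", "no").lower()
    uris = opts.get("uri", "").lower().split()
    if ssl in ("on", "yes", "true") or any(u.startswith("ldaps://") for u in uris):
        return "ldaps"      # TLS from the first byte, usually port 636
    if ssl == "start_tls":
        return "starttls"   # plain connection, upgraded to TLS before any bind
    return "plaintext"


def audit(opts):
    """List transport-security findings for one parsed configuration."""
    findings = []
    if transport(opts) == "plaintext":
        findings.append("no TLS: binds and lookups are sent in clear text")
        return findings
    if opts.get("tls_checkpeer", "").lower() != "yes":
        findings.append("tls_checkpeer is not 'yes': peer verification is "
                        "left to the libldap default or disabled")
    if "tls_cacertfile" not in opts and "tls_cacertdir" not in opts:
        findings.append("no tls_cacertfile/tls_cacertdir configured")
    return findings


if __name__ == "__main__":
    for name, conf in [("starttls", STARTTLS_CONF), ("ldaps", LDAPS_CONF),
                       ("plain", PLAIN_CONF)]:
        print(name, transport(parse(conf)), audit(parse(conf)))
```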