Re: LDAP auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2004-01-05 at 10:02, Bevan C. Bennett wrote:
> > 
> > and TLS stuff:
> > 
> > ------snip-------
> > TLSCertificateFile    /usr/share/ssl/certs/slapd.pem
> > TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> > ------snip-------
> > 
> > anything blatantly wrong here?
> 
> Your ACLs look fine. Is that certificate your old cert, or the one 
> that's created for you on the new system? If the latter, you should 
> create a new certificate that contains the FQDN of the server (as 
> referenced by the LDAP clients) instead of 'localhost.localdomain'. This 
> is noted as a warning somewhere... but I can't find it at the moment.
> 
> In any case, you should start by temporarily turning off SSL on the 
> client side (put "ssl no" in the client /etc/ldap.conf file). That's not 
> a 'safe' configuration, but it'll let you test the basic ldap 
> functionality without worrying if SSL/TLS is the problem.
> 
> Are you also using ldap in nsswitch? If so you'll want to restart the 
> client's nscd (if running) after you switch ldap.conf.
> 
> Note that ldapsearch uses /etc/openldap/ldap.conf, while PAM and NSS use 
> /etc/ldap.conf, which are similar in format, but generally -not- identical.
> 
> As another easy thing to check, is the new server's firewall configured 
> to let ports 389 (and possibly 636) in? Again, temporarily turning off 
> iptables entirely can quickly determine if that's the problem.
> 

Thanks for the Troubleshooting check list.  I turned off nscd and
wala...




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux