Re: LDAP auth

and TLS stuff:

------snip-------
TLSCertificateFile    /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
------snip-------

anything blatantly wrong here?

Your ACLs look fine. Is that certificate your old cert, or the one that's created for you on the new system? If the latter, you should create a new certificate that contains the FQDN of the server (as referenced by the LDAP clients) instead of 'localhost.localdomain'. This is noted as a warning somewhere... but I can't find it at the moment.


In any case, you should start by temporarily turning off SSL on the client side (put "ssl no" in the client /etc/ldap.conf file). That's not a 'safe' configuration, but it'll let you test the basic ldap functionality without worrying if SSL/TLS is the problem.

Are you also using ldap in nsswitch? If so you'll want to restart the client's nscd (if running) after you switch ldap.conf.

Note that ldapsearch uses /etc/openldap/ldap.conf, while PAM and NSS use /etc/ldap.conf, which are similar in format, but generally -not- identical.

As another easy thing to check, is the new server's firewall configured to let ports 389 (and possibly 636) in? Again, temporarily turning off iptables entirely can quickly determine if that's the problem.
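As an added illustration (not part of this thread's messages), a small POSIX shell diagnostic for two of the points in the reply above: which "ssl" directive a client ldap.conf actually applies, so that the PAM/NSS file and the OpenLDAP tools file can be compared, and whether slapd's certificate names the FQDN the clients use instead of a default such as 'localhost.localdomain'. The hostname ldap.example.test, the temporary file paths and the self-signed certificate are all constructed for the demo; the certificate check needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the thread. It checks two things the reply raises:
#  1. which "ssl" directive a client ldap.conf applies (so a temporary "ssl no"
#     is noticed, and /etc/ldap.conf vs /etc/openldap/ldap.conf can be compared);
#  2. whether slapd's certificate names the FQDN that clients use, rather than
#     a default such as localhost.localdomain.
# All file paths and hostnames below are constructed placeholders.

# Print the effective "ssl" directive of an ldap.conf-style file. The last
# uncommented "ssl <value>" line wins; prints "unset" if there is none.
ldap_ssl_setting() {
    _v=$(grep -iE '^[[:space:]]*ssl[[:space:]]+' "$1" 2>/dev/null \
         | sed -E 's/^[[:space:]]*[Ss][Ss][Ll][[:space:]]+//; s/[[:space:]]*$//' \
         | tail -n 1)
    printf '%s\n' "${_v:-unset}"
}

# Succeed only if two ldap.conf files apply the same "ssl" directive, so an
# ldapsearch success (reads /etc/openldap/ldap.conf) is not mistaken for a
# working PAM/NSS setup (reads /etc/ldap.conf).
ldap_conf_agree() {
    [ "$(ldap_ssl_setting "$1")" = "$(ldap_ssl_setting "$2")" ]
}

# Succeed if the certificate's subject CN or one of its DNS SANs is exactly
# the given FQDN. Returns 2 when openssl is not installed.
cert_names_fqdn() {
    _cert="$1"; _fqdn="$2"
    command -v openssl >/dev/null 2>&1 || return 2
    # Handles both "subject= /CN=x" (old) and "subject=CN = x" (new) layouts.
    _cn=$(openssl x509 -in "$_cert" -noout -subject 2>/dev/null \
          | sed -E 's|.*CN ?= ?([^,/]*).*|\1|')
    [ "$_cn" = "$_fqdn" ] && return 0
    _re=$(printf '%s' "$_fqdn" | sed 's/\./\\./g')   # escape dots for the regex
    openssl x509 -in "$_cert" -noout -text 2>/dev/null \
        | grep 'DNS:' | tr ',' '\n' \
        | grep -qiE "DNS:[[:space:]]*${_re}[[:space:]]*\$"
}

# Demonstration on constructed files in a temporary directory.
demo() {
    _d=$(mktemp -d) || return 1
    # PAM/NSS file with TLS temporarily disabled for testing, as the reply suggests.
    printf 'host ldap.example.test\nbase dc=example,dc=test\nssl no\n' > "$_d/ldap.conf"
    # Tools file with no ssl directive at all.
    printf 'URI ldaps://ldap.example.test\n' > "$_d/openldap-ldap.conf"
    echo "PAM/NSS ssl setting: $(ldap_ssl_setting "$_d/ldap.conf")"
    echo "tools ssl setting:   $(ldap_ssl_setting "$_d/openldap-ldap.conf")"
    if ldap_conf_agree "$_d/ldap.conf" "$_d/openldap-ldap.conf"; then
        echo "both client files agree on TLS"
    else
        echo "WARNING: client files differ; ldapsearch and PAM/NSS are not testing the same thing"
    fi
    if command -v openssl >/dev/null 2>&1; then
        # Self-signed cert carrying the default-style CN the reply warns about.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj '/CN=localhost.localdomain' \
            -keyout "$_d/slapd-key.pem" -out "$_d/slapd.pem" >/dev/null 2>&1
        if cert_names_fqdn "$_d/slapd.pem" ldap.example.test; then
            echo "certificate names ldap.example.test"
        else
            echo "WARNING: certificate does not name ldap.example.test; TLS clients will reject it"
        fi
    fi
    rm -rf "$_d"
}

demo
```

Run it as-is to see the demo; on a real host, point ldap_ssl_setting at /etc/ldap.conf and /etc/openldap/ldap.conf and cert_names_fqdn at the file named by TLSCertificateFile, passing the hostname the clients put in their "host" or "URI" line. Remember to restore "ssl" in /etc/ldap.conf and restart nscd once the plain-LDAP test is done.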
