On Mon, 2004-01-05 at 10:02, Bevan C. Bennett wrote:
> > and TLS stuff:
> >
> > ------snip-------
> > TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> > TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> > ------snip-------
> >
> > anything blatantly wrong here?
>
> Your ACLs look fine. Is that certificate your old cert, or the one
> that's created for you on the new system? If the latter, you should
> create a new certificate that contains the FQDN of the server (as
> referenced by the LDAP clients) instead of 'localhost.localdomain'. This
> is noted as a warning somewhere... but I can't find it at the moment.
>
> In any case, you should start by temporarily turning off SSL on the
> client side (put "ssl no" in the client /etc/ldap.conf file). That's not
> a 'safe' configuration, but it'll let you test the basic ldap
> functionality without worrying if SSL/TLS is the problem.
>
> Are you also using ldap in nsswitch? If so you'll want to restart the
> client's nscd (if running) after you switch ldap.conf.
>
> Note that ldapsearch uses /etc/openldap/ldap.conf, while PAM and NSS use
> /etc/ldap.conf, which are similar in format, but generally -not- identical.
>
> As another easy thing to check, is the new server's firewall configured
> to let ports 389 (and possibly 636) in? Again, temporarily turning off
> iptables entirely can quickly determine if that's the problem.
>

Thanks for the troubleshooting checklist. I turned off nscd and voilà...
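A small checker for the two client config files the quoted reply talks about, added here as an example; it is not part of this thread and not OpenLDAP's or nss_ldap's own tooling. It parses the "directive value" format the two files share, flags settings that leave the client without transport security (the temporary `ssl no` test setting the reply recommends, or a disabled certificate check), and diffs the security-relevant directives between /etc/openldap/ldap.conf and /etc/ldap.conf so a debugging change made in one file is not forgotten. `TLS_REQCERT` (OpenLDAP) and `tls_checkpeer` (nss_ldap/pam_ldap) are real directives; the sample file contents, the hostname and the function names are constructed for this example. It does not check the certificate's own subject against the server FQDN, which the reply raises separately.

```python
import re

# Paths the reply names: ldapsearch reads the first, PAM and NSS the second.
OPENLDAP_CONF_PATH = "/etc/openldap/ldap.conf"
PAM_NSS_CONF_PATH = "/etc/ldap.conf"

# Constructed sample contents standing in for those two files.
SAMPLE_OPENLDAP_CONF = """\
# constructed sample of /etc/openldap/ldap.conf (used by ldapsearch)
HOST ldap.example.test
BASE dc=example,dc=test
TLS_REQCERT demand
"""

SAMPLE_PAM_NSS_CONF = """\
# constructed sample of /etc/ldap.conf (used by PAM and NSS)
host ldap.example.test
base dc=example,dc=test
# left over from a debugging session: cleartext LDAP, no certificate check
ssl no
tls_checkpeer no
"""

# Directives that decide whether, and how safely, the client uses TLS.
SECURITY_KEYS = ("uri", "host", "port", "ssl", "tls_reqcert",
                 "tls_checkpeer", "tls_cacertfile")


def parse_ldap_conf(text):
    """Parse the 'DIRECTIVE value' format both files share.

    Blank lines and lines starting with '#' are ignored. Directive names are
    case-insensitive in both files, so they are normalised to lower case.
    A directive repeated later in the file overrides the earlier value.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def insecure_settings(conf):
    """Return findings for settings that weaken transport security."""
    findings = []
    if conf.get("ssl", "").lower() in ("no", "off"):
        findings.append("ssl no: cleartext LDAP, bind credentials cross the "
                        "network unprotected")
    # 'never' skips the certificate entirely; 'allow' requests it but
    # ignores verification errors. Both accept any server.
    if conf.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT %s: server certificate is not verified"
                        % conf["tls_reqcert"])
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: server certificate is not verified")
    return findings


def diff_security_settings(openldap_conf, pam_conf):
    """Map each security-relevant directive that differs between the two
    files to (value in openldap ldap.conf, value in pam/nss ldap.conf)."""
    return {
        key: (openldap_conf.get(key), pam_conf.get(key))
        for key in SECURITY_KEYS
        if openldap_conf.get(key) != pam_conf.get(key)
    }


def audit(openldap_text, pam_text):
    """Run both checks and return a report dictionary."""
    openldap_conf = parse_ldap_conf(openldap_text)
    pam_conf = parse_ldap_conf(pam_text)
    return {
        OPENLDAP_CONF_PATH: insecure_settings(openldap_conf),
        PAM_NSS_CONF_PATH: insecure_settings(pam_conf),
        "differences": diff_security_settings(openldap_conf, pam_conf),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_OPENLDAP_CONF, SAMPLE_PAM_NSS_CONF)
    for path in (OPENLDAP_CONF_PATH, PAM_NSS_CONF_PATH):
        print("%s: %s" % (path, "; ".join(report[path]) or "no insecure settings"))
    for key, (a, b) in sorted(report["differences"].items()):
        print("  %-14s openldap=%r  pam/nss=%r" % (key, a, b))
```

To run it against a real host, replace the two sample strings with the contents of the files named by `OPENLDAP_CONF_PATH` and `PAM_NSS_CONF_PATH`. On the constructed samples the PAM/NSS file produces two findings and the two files differ in `ssl`, `tls_reqcert` and `tls_checkpeer`, which is exactly the kind of divergence the reply warns about.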