>From: fedora-list-bounces@xxxxxxxxxx
>[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Nigel Wade
>Sent: Wednesday, November 16, 2005 1:52 AM
>To: For users of Fedora Core releases
>Subject: Re: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
>
>
>Daniel B. Thurman wrote:
>>>From: fedora-list-bounces@xxxxxxxxxx
>>>[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
>>>Sent: Monday, November 14, 2005 5:10 PM
>>>To: For users of Fedora Core releases
>>>Subject: RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
>>>
>>>
>>>On Mon, 2005-11-14 at 16:42 -0800, Daniel B. Thurman wrote:
>>>
>>>>See: if LANG=C klist -k "$KRB5_KTNAME" | tail -n 4 | awk '{print $2}' |
>>>>===============^^^^^
>>>>s/b ===========$klist
>>>
>>>----
>>>your previous email referenced the missing '$' on the word kinit not
>>>klist which was significant since kinit doesn't exist in the file but
>>>klist clearly does in a number of places. I understand how you
>>>transposed it though - going buggy after typing it a number of times it
>>>probably just flowed naturally through your fingers.
>>>
>>>Craig
>>>
>>
>> Yea... sorry... I was trying to solve my problem with ldap
>> and it was getting a bit frustrating - so I lost it somewhere
>> when my fingers started running away from me :-)
>>
>> Your certificate creation method did not work. I saw that I
>> had to change the openssl.cnf path and I did get the two
>> files: ldap.csr and ldap.key but missing is ca.certs and
>> ca.key.
>>
>> Dan
>>
>
>I've just been setting up an LDAP server today (not using Kerberos, but that
>might come at some point). I created a CA certificate and server certificate
>using the instructions here:
>http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
>
>
>--
>Nigel Wade, System Administrator, Space Plasma Physics Group,
> University of Leicester, Leicester, LE1 7RH, UK
>E-mail : nmw@xxxxxxxxxxxx
>Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
>

Thanks for the feedback. Just be aware that the openssl in FC4
is version 0.9.7f and the latest is 0.9.8a, and that many of the
howtos are somewhat (very) different from the past. One example
is that the structure has changed (at least from what I see in FC4,
it is now at /etc/pki, and some script programs are no longer
where you expected them to be, or no longer exist).

I have successfully gotten LDAP to run and gotten the SSL/TLS
component to run, but I am still having a helluva time trying to
get SASL working. Also still messing with Kerberos and trying to
get the nuances worked out. I do have Kerberos running but still
have a ways to go to get it tied in with ldap. It could be that I
will need to switch to Heimdal Kerberos instead of MIT's version -
as it says that Heimdal allows LDAP to be in a central DB and
supports LDAP where MIT's Kerberos does not?

I will be at it for a while.

Kind regards,
Dan
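The thread leaves off with ldap.csr and ldap.key present but no CA key or CA certificate to sign with. The script below is an added example, not taken from the thread or from the linked howto: it creates a private CA, signs the server CSR with it, and checks the result. The file names ca.cert and ldap.cert, the CA subject and the subjectAltName step are assumptions; ldap.key, ldap.csr and ca.key are the names used in the thread.

```shell
#!/bin/sh
# Added example. Assumed names: ca.cert, ldap.cert, san.ext, the CA subject.

# make_ldap_certs DIR HOSTNAME
# Creates a private CA in DIR and signs DIR/ldap.csr with it.
make_ldap_certs() (
    dir=$1 host=$2
    umask 077                      # new private keys readable by owner only
    mkdir -p "$dir" && cd "$dir" || exit 1

    # 1. CA key plus self-signed CA certificate (the pair missing in the thread).
    [ -f ca.key ] || openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout ca.key -out ca.cert -days 3650 \
        -subj "/CN=Example Private LDAP CA" || exit 1

    # 2. Server key and CSR; skipped when ldap.csr/ldap.key already exist.
    [ -f ldap.csr ] || openssl req -new -newkey rsa:2048 -nodes \
        -keyout ldap.key -out ldap.csr -subj "/CN=$host" || exit 1

    # 3. Sign the CSR with the CA. Clients match the server name against
    #    subjectAltName, so it is added at signing time.
    printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
    openssl x509 -req -in ldap.csr -CA ca.cert -CAkey ca.key \
        -CAcreateserial -extfile san.ext -out ldap.cert -days 365 || exit 1
    chmod 644 ca.cert ldap.cert    # certificates are public, keys are not
)

# check_ldap_certs DIR
# Succeeds only if ldap.cert chains to ca.cert and belongs to ldap.key.
check_ldap_certs() {
    dir=$1
    openssl verify -CAfile "$dir/ca.cert" "$dir/ldap.cert" || return 1
    cert_pub=$(openssl x509 -in "$dir/ldap.cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/ldap.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "ldap.key does not match ldap.cert" >&2
        return 1
    }
}
```

slapd picks these up through the TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile directives in slapd.conf; ldap.key must be readable by the account slapd runs as, and ca.key should not live on the LDAP server at all.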