I have these cyrus modules installed: cyrus-sasl-md5-2.1.22-19.fc10.i386 cyrus-sasl-lib-2.1.22-19.fc10.i386 cyrus-sasl-krb4-2.1.22-19.fc10.i386 cyrus-sasl-plain-2.1.22-19.fc10.i386 cyrus-sasl-devel-2.1.22-19.fc10.i386 cyrus-sasl-2.1.22-19.fc10.i386 OPlameras On Wed, Feb 4, 2009 at 9:59 AM, Rick Stevens <ricks@xxxxxxxx> wrote: > Oscar Plameras wrote: >> >> 1. System1 - I had 3 test servers running OpenLDAP-2.3.30-3.fc6, >> OpenSSL-0.9.8b-15.fc6 on Linux-2.6.22.14-72.fc6. >> And these were perfectly running with OPENSSL configured on >> 'slapd.conf' as follows: >> >> lines cut >> # >> # >> TLSCACertificateFile /etc/CA/cacert.pem >> TLSCertificateFile /etc/pki/tls/newcert.pem >> TLSCertificateKeyFile /etc/pki/tls/newkey.pem >> # >> # >> lines cut >> >> When I do, >> >> #service ldap restart, and #ps -ax I have this >> >> slapd -h ldap:/// ldaps:/// -u ldap >> >> I can do simple unsecured or secured queries from here. >> >> 1. System2 - Now, I upgraded 2 test servers running >> OpenLDAP-2.4.12-1.fc10, OpenSSL-0.9.8g-12.fc10 on >> Linux-2.6.29-159.fc10. >> Suddenly I can't start slapd correctly. The problem is after >> configuring 'slapd.conf' with OPENSSL, as I did in System1 and I >> do a >> >> #service ldap restart, and #ps -ax >> >> I found that I only have this process running: >> slapd -h ldap:/// -u ldap. The ldaps:/// process did not start >> suggesting I have incorrect certificates. >> But I can confirm that my certificates are correct with several tests. >> >> I had expected this process: >> slapd -h ldap:/// ldaps:/// -u ldap. >> >> So, when I do TLS secured query like: >> >> #ldapwhoami -x -H ldaps://hostname >> >> I got this: >> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) >> >> Has anyone had this problem on FC10 ? >> >> Notes: >> 1. I can run this manually: #/usr/sbin/slapd -h ldap:/// ldaps:/// -u >> ldap and saw slapd -h ldap:/// ldaps:/// -u ldap in my #ps -ax >> I can do #ldapwhoami -x. But when I do a #ldapwhoami -x -H >> ldaps://hostname I go error message can't connect to server. >> 2. I can run this manually: #/usr/sbin/slapd -h ldaps:/// -u ldap >> I can then test my certificates correctly but SSL does not appear to >> have been started. > > OpenLDAP 2.4 uses SASL by default. Install cyrus-sasl-md5 and its > requirements unless you always use simple binds. > ---------------------------------------------------------------------- > - Rick Stevens, Systems Engineer ricks@xxxxxxxx - > - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - > - - > - "You think that's tough? Try herding cats!" - > ---------------------------------------------------------------------- > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines > -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
