From: Buchan Milne (bgmilne_at_cae.co.za)
Date: Wed Oct 23 2002 - 11:22:23 CDT
Vincent Danen wrote:
|
| On Wednesday, October 23, 2002, at 09:13 AM, Stefan van der Eijk wrote:
|
|> I'm trying to get TLS working with the latest cooker openldap-server and
|> nss_ldap packages. The server is running with the default config and the
|> things mentioned in the "Using OpenLDAP for Authentication" guide on
|> mandrakesecure.
|>
|> Changing "ssl start_tls" in /etc/ldap.conf results in nss not being able
|> to find the ldap server (on port 398 and 636).
|>
|> Any ideas?
|
|
It seems to work for me:

[bgmilne:~]# ldapsearch -x -ZZ -LL "(uid=bgmilne)" dn
version: 1
dn: uid=bgmilne,ou=People,dc=cae,dc=co,dc=za

This box is running cooker (updated this morning from yesterday's packages)
(getent passwd also works, even after restarting nscd having changed ssl
to start_tls from ssl and back).

Note that at one stage there was an issue with using SSL/TLS on the
server (IIRC). But I just tested on the server also:

[caepdc:/home/users/bgmilne]# ldapsearch -x -ZZ -LL "(uid=bgmilne)" dn
version: 1
dn: uid=bgmilne,ou=People,dc=cae,dc=co,dc=za

Do you get anything in the logs?

| Not off the top of my head, but I am probably going to (start) looking
| at that stuff today. I've got a cooker machine ready to go, going to
| blow off the old (outdated) LDAP config on the old server, and reset
| everything up (possibly with the cooker machine as the "server" and some
| vmware "boxes" as clients).
|
If possible, would you have a chance to look at Kerberos also? The only
problem we have before we start rolling out more Mandrake desktops is
disconnected authentication, which I think Kerberos is capable of (with
slave servers). LDAP slaves don't seem feasible (having to restart the
LDAP server in read-only mode every time you add a slave).
| I'm also going to look for the current versions of nss_ldap, pam_ldap,
| etc. and update if necessary. I don't think anyone other than perhaps
| myself (official maintainers, I mean) particularly pays attention to
| this LDAP stuff, and I still know jack about it... =)
|
| So if no one else answers, please be patient and give me a day or two...
| I might have something for you.
|
Only answer I have is "it works for me".
Anyone else?
Buchan
- --
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
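
An added example, not part of the original message or of the Mandrake packages: a shell check for the "ssl" setting in /etc/ldap.conf that the thread is about, flagging combinations where the TLS mode and the port or URI scheme contradict each other, cleartext operation, and disabled certificate checking. It assumes the nss_ldap/pam_ldap keywords ssl, port, uri and tls_checkpeer and the usual convention that StartTLS runs on the plain LDAP port 389 while LDAPS uses 636; the function names and the sample host are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag TLS settings in an nss_ldap/pam_ldap
# style ldap.conf that contradict each other. Assumed convention: StartTLS
# upgrades a plain session (port 389, ldap://); LDAPS is TLS from the first
# byte (port 636, ldaps://). Function names here are hypothetical.

# Print the last value set for a keyword; commented-out lines never match.
conf_get() {
    awk -v k="$1" 'tolower($1) == k { v = $2 } END { print tolower(v) }' "$2"
}

audit_ldap_tls() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    ssl=$(conf_get ssl "$conf");   port=$(conf_get port "$conf")
    uri=$(conf_get uri "$conf");   peer=$(conf_get tls_checkpeer "$conf")
    case "$ssl" in
    start_tls)
        case "$uri" in ldaps://*) echo "MISMATCH start_tls with ldaps:// uri"; rc=1 ;; esac
        [ "$port" = 636 ] && { echo "MISMATCH start_tls with port 636"; rc=1; } ;;
    on|yes)
        case "$uri" in ldap://*) echo "MISMATCH ssl $ssl with ldap:// uri"; rc=1 ;; esac
        [ "$port" = 389 ] && { echo "MISMATCH ssl $ssl with port 389"; rc=1; } ;;
    *)
        echo "CLEARTEXT ssl is '${ssl:-unset}', binds are sent unencrypted"; rc=1 ;;
    esac
    [ "$peer" = no ] && { echo "NOVERIFY tls_checkpeer no, server certificate unchecked"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK ssl=$ssl"
    return "$rc"
}

# Constructed sample input: start_tls combined with the LDAPS port.
sample_conf() {
    cat <<'EOF'
# constructed example, not a real host
host ldap.example.org
port 636
ssl start_tls
tls_checkpeer no
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && { audit_ldap_tls "$tmp" || true; }
rm -f "$tmp"
```

A clean result only means the settings are self-consistent; the `ldapsearch -x -ZZ` test shown in the message is still what confirms that the server actually negotiates StartTLS.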