Re: [Fedora-directory-users] Setting up a Debian client for ssl

fedora-directory-users@redhat.com

[Prev] Thread [Next] | [Prev] Date [Next]

Re: [Fedora-directory-users] Setting up a Debian client for ssl Richard Megginson Tue Sep 18 18:03:57 2007

Steven Jones wrote:

This is my pam_ldap.conf,

I seem unable to get ssl to work....what am I missing?

I also need to set ssl only so no plain text passwords are sent...

#file copied from openldap syntax might have issues but seems to work.
#but not in ssl mode
#
#
# LDAP Defaults
#

# See ldap.conf(5) for details

# This file should be world readable but not world writable.
host 130.195.87.249
base dc=vuw,dc=ac,dc=nz
#ssl no
# this syntax does not work --> ssl on
ssl yes
ssl start_tls
pam_password exop
#pam_password md5
HOST 130.195.87.249
BASE dc=vuw,dc=ac,dc=nz
#nss_base_passwd ou=People,dc=vuw,dc=ac,dc=nz
#nss_base_shadow ou=People,dc=vuw,dc=ac,dc=nz
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_CACERT /etc/openldap/cacerts/cacert.asc
#TLS_CACERT /etc/openldap/cacerts/5be5959f.0
TLS_REQCERT allow
#syntax not liked --> uri ldapi://130.195.87.249
URI ldap://ldap.vuw.ac.nz

To rule out cert CA issues, set TLS_REQCERT to never.

I don't think you can specify both TLS_CACERTDIR and TLS_CACERT - ormaybe you can, but I always have problems when trying to use TLS_CACERTDIR

regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

--
Fedora-directory-users mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Fedora-directory-users] Setting up clients for ssl only?, (continued)

[Fedora-directory-users] Setting up clients for ssl only? Steven Jones 2007/09/14
Re: [Fedora-directory-users] Setting up clients for ssl only? Richard Megginson 2007/09/14
RE: [Fedora-directory-users] Setting up clients for ssl only? Steven Jones 2007/09/18
[Fedora-directory-users] rhas4 Setting up clients for ssl only? Steven Jones 2007/09/18
RE: [Fedora-directory-users] rhas4 Setting up clients for ssl only? Steven Jones 2007/09/18

Re: [Fedora-directory-users] Setting up clients for ssl only? Richard Megginson 2007/09/18

Re: [Fedora-directory-users] Setting up a Debian client for ssl Richard Megginson 2007/09/14
RE: [Fedora-directory-users] Setting up a Debian client for ssl Steven Jones 2007/09/14
Re: [Fedora-directory-users] Setting up a Debian client for ssl Richard Megginson 2007/09/14
RE: [Fedora-directory-users] Setting up a Debian client for ssl Steven Jones 2007/09/18
Re: [Fedora-directory-users] Setting up a Debian client for ssl Richard Megginson 2007/09/18 <=
RE: [Fedora-directory-users] Setting up a Debian client for ssl Steven Jones 2007/09/18
RE: [Fedora-directory-users] Setting up a redhat client for ssl Steven Jones 2007/09/18

RE: [Fedora-directory-users] Setting up a Debian client for ssl Steven Jones 2007/09/18

Re: [Fedora-directory-users] Setting a self ssl certificate Richard Megginson 2007/09/14

RE: [Fedora-directory-users] ssh login fail Steven Jones 2007/09/13
Re: [Fedora-directory-users] ssh login fail Richard Megginson 2007/09/13