Loading...

fedora-directory-users@redhat.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: [Fedora-directory-users] Setting up a Debian client for ssl Richard Megginson Tue Sep 18 18:03:57 2007

Steven Jones wrote:
This is my pam_ldap.conf,

I seem unable to get ssl to work....what am I missing?

I also need to set ssl only so no plain text passwords are sent...

#file copied from openldap syntax might have issues but seems to work.
#but not in ssl mode
#
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host 130.195.87.249
base dc=vuw,dc=ac,dc=nz
#ssl no
# this syntax does not work --> ssl on
ssl yes
ssl start_tls
pam_password exop
#pam_password md5
HOST 130.195.87.249
BASE dc=vuw,dc=ac,dc=nz
#nss_base_passwd ou=People,dc=vuw,dc=ac,dc=nz
#nss_base_shadow ou=People,dc=vuw,dc=ac,dc=nz
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_CACERT /etc/openldap/cacerts/cacert.asc
#TLS_CACERT /etc/openldap/cacerts/5be5959f.0
TLS_REQCERT allow
#syntax not liked --> uri ldapi://130.195.87.249
URI ldap://ldap.vuw.ac.nz
To rule out cert CA issues, set TLS_REQCERT to never.

I don't think you can specify both TLS_CACERTDIR and TLS_CACERT - or maybe you can, but I always have problems when trying to use TLS_CACERTDIR
regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

--
Fedora-directory-users mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/fedora-directory-users