On 17.04.20 at 15:59 Clayvahn Hunt wrote: > First, I need to say that the documentation for Leap 15.1, although good, is > not (IMO) as good as the documentation at: > http://www.port389.org/docs/389ds/howto/quickstart.html
Seconded. For some reason there are other examples, introducing some other typos and missing some things that the upstream documentation has. > Once I learned how to use the ds commands (the quickstart examples are *very* > illuminating (like how to use the "modify" clause of dsidm (the WHOLE modify > clause needs to be a string (not clear (IMO) in the openSUSE docs)))), I > learned that on openSUSE (my experience anyway), I need to *include* the > basedn in every call (*none* of the documentation I have read refers to > including the basedn between the command and the instance name (example: sudo > dsidm -b dc=aeho,dc=lan localhost user list)). I have been informed that the > basedn should be set in the .dsrc file - *and it is*, yet I still need to > include the basedn in every dsidm call. Hmm, for creation of new users I have to add the full thing, but for "user list" or "user get" I can omit the basedn. > ****Here's my .dsrc:**** > > [localhost] > #uri = ldaps://localhost I had to change "localhost" to the server's hostname, otherwise the certificate name will not match. > *This **works** as cert checking is disabled (thanks W. Brown)*: > LDAPTLS_REQCERT=never ldapwhoami -v -H ldaps://localhost -D > uid=huncl01,ou=people,dc=aeho,dc=lan -W -x Can you try again without ignoring the certificate, but specify the server'sFQDN instead of localhost? > However, I'd like to test authentication *with* TLS security (downstream > processes will require *real* authentication), and this call > sudo LDAPTLS_CACERT=/etc/dirsrv/slapd-localhost/ca.crt ldapwhoami -v -H > ldaps://localhost -D uid=huncl01,ou=people,dc=aeho,dc=lan -W -x (with or > without sudo) > Can you try again without ignoring the certificate, but specify the server'sFQDN instead of localhost? Kind Regards, Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: [email protected] B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg http://www.b1-systems.de GF: Ralph Dehner Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
signature.asc
Description: OpenPGP digital signature
_______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
