Ok, I somehow assumed certs are very much needed for ldaps...
In the meantime, I set up a debian wheezy machine to try the freeipa-client
I managed to get working ipa-client (with a few quirks...- default nss
database needed to be created) with packages from
deb http://apt.numeezy.fr wheezy main
deb-src http://apt.numeezy.fr wheezy main.
So now I have a ready set of debian-like configs for wheezy, making it work
with squeeze seems easier now (it comes with learning, too...)
I must admit ipa-client debug option is lovely as a step-by-step guide for
trying by hand :>
Going back to thinking whether to try getting ipa on squeeze or getting the
legacy software working with squeeze...
(some of the scientists seem to be the happiest if the system is totally
unchanged for some 20 years...).
PS:I do see hope for rooting out the last instance of NIS on the campus :>
Freeipa-users mailing list