--On Wednesday, August 23, 2006 8:18 PM +0200 Karsten Römke <[EMAIL PROTECTED]> wrote:
ok, t would be nice if it is a configuration problem I have tried the openssl -s_client. openssl s_client -connect oracle.hhb.bonn.de:636 -showcerts CONNECTED(00000003) 8907:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:465: and here is a part of slapd.conf TLSCACertificateFile /etc/openldap/cacert.pem TLSCertificateFile /etc/openldap/servercrt.pem TLSCertificateKeyFile /etc/openldap/serverkey.pem # loglevel 1 and the ldap.conf tls_cacert /etc/openldap/cacert.pem nss_base_passwd ou=People,dc=hhb,dc=bonn,dc=de nss_base_shadow ou=People,dc=hhb,dc=bonn,dc=de nss_base_group ou=Groups,dc=hhb,dc=bonn,dc=de host 10.100.0.202 base dc=hhb,dc=bonn,dc=de ldap_version 3 ssl start_tls pam_password crypt
These do not look like valid parameters to ldap.conf(5) for OpenLDAP. I'm guessing these are the parameters for PAM's ldap.conf. You need to properly configure the appropriate ldap.conf for openldap and PAM separately. I'm guessing you currently have PAM configuration lines in the ldap.conf that would be used by ldapsearch, and nothing in the ldap.conf that would be used by PAM. But maybe not, you don't note the location of your ldap.conf file.
--Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
