Karsten Römke <[EMAIL PROTECTED]> writes:

> Dieter Kluenter wrote:
>> Quanah Gibson-Mount <[EMAIL PROTECTED]> writes:
>>
>>> --On Wednesday, August 23, 2006 8:18 PM +0200 Karsten Römke
>>> <[EMAIL PROTECTED]> wrote:
[...]
>>> These do not look like valid parameters to ldap.conf(5) for OpenLDAP.
>>> I'm guessing these are the parameters for PAM's ldap.conf. You need
>>> to properly configure the appropriate ldap.conf for openldap and PAM
>>> separately. I'm guessing you currently have PAM configuration lines
>>> in the ldap.conf that would be used by ldapsearch, and nothing in the
>>> ldap.conf that would be used by PAM. But maybe not, you don't note
>>> the location of your ldap.conf file.
>>
>> In addition to Quanah's comments I would like to see a condensed
>> output of 'openssl x509 -in servercert.pem -text'.
>> The data of modules, signature algorithm and certificate are not
>> required.
>>
>> -Dieter
>
> Hello,
> at the moment I do not really know what to do :-)
> I appended the output from openssl ...
> Should I start with a nearly empty ldap.conf on client side?
> I use that one which is generated by yast, the suse
> administration tool and without encryption this
> file works.

Please note that there are 2 ldap.conf files, as Quanah outlined. The file
/etc/openldap/ldap.conf is read by any client compiled with libldap
and might be read by other clients. The file /etc/ldap.conf contains
configuration for pam_ldap.
To configure /etc/openldap/ldap.conf properly, read man ldap.conf(5).

> oracle:/etc/openldap # openssl x509 -in servercrt.pem -text
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 2 (0x2)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=DE, ST=NRW, L=Bonn, O=hhb, OU=it,
> CN=oracle.hhb.bonn.de/[EMAIL PROTECTED]
>         Validity
>             Not Before: Aug 23 14:38:15 2006 GMT
>             Not After : Aug 18 14:38:15 2026 GMT
>         Subject: C=DE, ST=NRW, L=bonn, O=hhb, OU=it,
> CN=oracle.hhb.bonn.de/[EMAIL PROTECTED]
>         Subject Public Key Info:
[...]
>             X509v3 Subject Key Identifier:
>                 1C:78:8F:7C:76:75:2A:8E:EE:DD:8A:C0:AA:A7:AE:96:D8:38:79:84
>             X509v3 Authority Key Identifier:
>
>                 keyid:90:4F:E9:05:AA:38:FC:D9:21:45:B0:BD:A5:2E:B3:5B:E9:59:38:AF
>
>                 DirName:/C=DE/ST=NRW/L=Bonn/O=hhb/OU=it/CN=oracle.hhb.bonn.de/[EMAIL PROTECTED]

The common name of your host is 'oracle.hhb.bonn.de'. This address is
checked and validated by clients, that is, 'localhost' or any other
alias address is not a valid address anymore, unless you have declared a
subject alternate name for this cn.
Please check the keyid of X509v3 Authority Key Identifier with your
cacert.pem

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
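
The two checks described in the reply above, as an added example that is not part of the original thread: does the name the client connects to appear in the certificate, and does the certificate's Authority Key Identifier equal the CA certificate's Subject Key Identifier. The dumps are constructed samples with shortened key ids; the CA subject, the `localhost` SAN entry and the function names are assumptions, and name matching is simplified to exact comparison without wildcards.

```python
import re

# Constructed sample: trimmed `openssl x509 -text` dumps with shortened key ids.
SERVER_TEXT = """\
Certificate:
    Data:
        Subject: C=DE, ST=NRW, L=bonn, O=hhb, OU=it, CN=oracle.hhb.bonn.de
        X509v3 Subject Key Identifier:
            1C:78:8F:7C
        X509v3 Authority Key Identifier:
            keyid:90:4F:E9:05
"""
CA_TEXT = """\
Certificate:
    Data:
        Subject: C=DE, ST=NRW, L=Bonn, O=hhb, OU=it, CN=example-ca
        X509v3 Subject Key Identifier:
            90:4F:E9:05
"""
# Same server dump with a constructed subjectAltName entry appended.
SAN_TEXT = SERVER_TEXT + ("        X509v3 Subject Alternative Name:\n"
                          "            DNS:localhost\n")

def cert_names(text):
    """Return the subject CN plus any DNS subjectAltName entries, lower-cased."""
    cn = re.search(r"Subject:[^\n]*?CN\s*=\s*([^/,\s]+)", text)
    names = re.findall(r"DNS:([^,\s]+)", text)
    if cn:
        names.append(cn.group(1))
    return {n.lower() for n in names}

def host_matches(text, host):
    """Assumed simplified rule: exact match on CN or a DNS SAN, no wildcards."""
    return host.lower() in cert_names(text)

def key_id(text, extension):
    """Return the colon-separated hex id printed under an X509v3 extension."""
    hex_id = r":\s*(?:keyid:)?((?:[0-9A-F]{2}:)+[0-9A-F]{2})"
    m = re.search(extension + hex_id, text, re.I)
    return m.group(1).upper() if m else None

def issued_by(cert_text, ca_text):
    """True if the cert's Authority Key Identifier equals the CA's Subject Key Identifier."""
    aki = key_id(cert_text, "Authority Key Identifier")
    return aki is not None and aki == key_id(ca_text, "Subject Key Identifier")

if __name__ == "__main__":
    for host in ("oracle.hhb.bonn.de", "localhost"):
        print(host, host_matches(SERVER_TEXT, host), host_matches(SAN_TEXT, host))
    print("issued by CA:", issued_by(SERVER_TEXT, CA_TEXT))
```

Against real files, the input would be the output of 'openssl x509 -in servercrt.pem -text' and the same command run on cacert.pem.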
