Hello,

I have an Ubuntu 8.04 box, everything up to date.
It runs Apache 2.2, and the virtual hosts authenticate against LDAP. I would like to switch this over to LDAPS.

First I am trying the LDAPS connection from the command line; here is the content of my .ldaprc:

    TLS_CACERT /etc/ldap/server.pem
    TLS_REQCERT try

I also tried the values allow and demand in the last line.

Depending on whether I specify the CA cert itself or the server's certificate, I get the following responses (the first with the CA cert, the second with the server cert):

    # ldapsearch -H ldaps://1.2.3.4/ -w -X -d17
    ldap_url_parse_ext(ldaps://1.2.3.4/)
    ldap_create
    ldap_url_parse_ext(ldaps://1.2.3.4:636/??base)
    ldap_pvt_sasl_getmech
    ldap_search
    put_filter: "(objectclass=*)"
    put_filter: simple
    put_simple_filter: "objectclass=*"
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP 1.2.3.4:636
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 1.2.3.4:636
    ldap_pvt_connect: fd: 3 tm: -1 async: 0
    TLS: peer cert untrusted or revoked (0x42)
    ldap_err2string
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

    # ldapsearch -H ldaps://1.2.3.4/ -w -X -d17
    ldap_url_parse_ext(ldaps://1.2.3.4/)
    ldap_create
    ldap_url_parse_ext(ldaps://1.2.3.4:636/??base)
    ldap_pvt_sasl_getmech
    ldap_search
    put_filter: "(objectclass=*)"
    put_filter: simple
    put_simple_filter: "objectclass=*"
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP 1.2.3.4:636
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 1.2.3.4:636
    ldap_pvt_connect: fd: 3 tm: -1 async: 0
    TLS: hostname (1.2.3.4) does not match common name in certificate (1.2.3.4).
    ldap_err2string
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

The cert has not expired; if I try from some other client (e.g. the Java LdapBrowser), it works.
If TLS_REQCERT is set to never, it works, and the SSL connection really is established.
Oh, and the server is an NDS running on NetWare.

What am I messing up?

Thanks,
a.
