Jon Schewe wrote:
Rafiu Fakunle wrote:
Jon Schewe wrote:
Rafiu Fakunle wrote:
Jon Schewe wrote:
I just loaded openfiler 2.3 and this is still broken. If my LDAP
server requires TLS, the openfiler scripts ignore the TLS flag set
in the authentication section and still try to talk to the LDAP
server without TLS.
Did you update the software after installation?
Just ran it now (and rebooted), still doesn't work.
The passwords don't work? You reported two different issues...
I haven't tried the passwords.
OK, please verify if this works for you now.
However the TLS issue is still there.
I also noticed that it can't seem to find the users in my LDAP
directory even though other systems on my network see them just fine.
Is your LDAP configured with the standard NIS schema?
Yes. Turns out this is fixed by turning off TLS on openfiler.
My LDAP server is set up to allow queries without TLS, but to require
TLS for admin changes. This works fine with most Linux distros as they
just use the non-TLS connection to talk to the server and then the
admin scripts use TLS when sending the root DN and password. However
when I configure openfiler to use TLS, it tries to use TLS for
queries, but doesn't use TLS for the admin commands (rather backwards,
don't you think?).
Good catch.
Furthermore openfiler is probably also confused by my SSL certificate
because it's self-signed and I don't see a way to tell openfiler about
the cert properly. Normally I copy it to /etc/ssl/certs and run
c_rehash (which doesn't exist on openfiler) and then set TLS_CACERTDIR
in /etc/openldap/ldap.conf to point to /etc/ssl/certs and life is good.
Okies, open a ticket for this:
https://project.openfiler.com/tracker/newticket (you'll need to register
first).
While I'm mentioning SSL, is there a way to give openfiler an SSL
certificate to use so that if I have my own CA that all of my users
trust they don't need specific security exceptions for the openfiler
self-signed cert?
There's an open ticket for this:
https://project.openfiler.com/tracker/ticket/335
R.
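
The manual trust-store step Jon describes above (copy the CA certificate into a directory, hash it, point TLS_CACERTDIR at it), shown as an added example that is not part of the original thread and not Openfiler code: a small shell stand-in for the missing c_rehash. It assumes the openssl command-line tool is installed and that the LDAP client library is built against OpenSSL; the function name rehash_dir and the file name my-ca.pem are hypothetical.

```shell
#!/bin/sh
# Added example: minimal c_rehash substitute for one CA directory.
# Assumption: the openssl CLI exists and the LDAP client uses OpenSSL lookups.

# rehash_dir DIR: create <subject-hash>.<n> symlinks for each PEM cert in DIR.
# Prints the number of links created.
rehash_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    created=0
    # Drop stale hash links first so removed certificates stop being trusted.
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        case ${link##*/} in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                rm -f "$link" ;;
        esac
    done
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        # Skip files that are not parseable certificates (keys, CRLs, junk).
        hash=$(openssl x509 -in "$cert" -noout -hash 2>/dev/null) || continue
        fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
        n=0
        dup=0
        # Different certs can share a subject hash: use suffixes .0, .1, ...
        while [ -e "$dir/$hash.$n" ]; do
            other=$(openssl x509 -in "$dir/$hash.$n" -noout -fingerprint -sha256)
            [ "$other" = "$fp" ] && { dup=1; break; }
            n=$((n + 1))
        done
        [ "$dup" -eq 1 ] && continue   # identical cert is already linked
        ln -s "${cert##*/}" "$dir/$hash.$n"
        created=$((created + 1))
    done
    echo "$created"
}

# Usage with the paths from the thread (my-ca.pem is a hypothetical file name):
#   cp my-ca.pem /etc/ssl/certs/ && rehash_dir /etc/ssl/certs
#   openssl verify -CApath /etc/ssl/certs /etc/ssl/certs/my-ca.pem
# then in /etc/openldap/ldap.conf:
#   TLS_CACERTDIR /etc/ssl/certs
```
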