Rick Stevens <[email protected]> writes: > Dieter Kluenter wrote: >> Rick Stevens <[email protected]> writes: >> >>> Dieter Kluenter wrote: [...] >> This is only the content of slapd.conf, the relevant content of >> ldap.conf(5) is still missing, ldapsearch requires at least the path >> to CA, further information on the level of certificate checks and the >> prefered cipher suits are recommended options. > > Terribly sorry, misread your message. I had posted my ldap.conf before, > but here it is again: > > host 192.168.1.53 > base dc=eqspeed,dc=com > rootbinddn uid=sysman,ou=people,dc=eqspeed,dc=com > timelimit 15 > bind_timelimit 10 > bind_policy soft > pam_lookup_policy yes > pam_password clear_remove_old > nss_base_passwd ou=People,dc=eqspeed,dc=com?one > nss_base_shadow ou=People,dc=eqspeed,dc=com?one > nss_base_group ou=Group,dc=eqspeed,dc=com?one > nss_base_hosts ou=Hosts,dc=eqspeed,dc=com?one > ssl start_tls > ssl on > #tls_cacertdir /etc/openldap/cacerts > tls_cacertfile /etc/openldap/cacerts/allcerts.pem > tls_reqcert never
That's what I thought, this is the wrong ldap.conf, read man ldap.conf(5). -Dieter -- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:8EF7B6C6 53°08'09,95"N 10°08'02,42"E
