Sandor Szalina <[email protected]> writes:

> --- On Wed, 8/9/10, Marc Patermann <[email protected]> wrote:
>
>> From: Marc Patermann <[email protected]>
[...]
>> Sandor Szalina wrote on 08.09.2010 at 12:16:
>>
>> > I have installed the openldap 2.2.13 with rpm on Red Hat Enterprise
>> > Linux ES release 4 (Nahant Update 8). I have set the TLS settings too.
>> Man, 2.2.13 is ancient:
>> http://www.openldap.org/lists/openldap-announce/200406/msg00002.html
>> You really should try a /newer/ release.
>>
>> > With the user root I can start the ldapsearch and I receive the
>> > result successfully, the ldap client can connect to the ldap server.
>> > However if I login with another user I receive the following
>> > message: ldap_bind: Can't contact LDAP server (-1)
>> >
>> > What can be the problem? Thanks for the help in advance,
>> You did not provide any details
>> - on how you use ldapsearch and
>> - about the server and client side config
> Thanks for your mail. Here is the information:
>
> The running slapd process is:
> ldap 21697 1 0 07:14 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldaps://*:8108 -f /etc/openldap/slapd.conf
>
> The slapd.conf is:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/local.schema
>
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
>
>
> database bdb
> suffix "dc=test"
> rootdn "cn=Admin,dc=test"
>
> rootpw mypasswd
>
> directory /var/lib/ldap
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> The port 8108 is opened in the firewall.
>
> On the client side there is .ldaprc in the home directory with the following
> content:
>
> TLS_REQCERT allow

The client needs to have knowledge of the certificate authority in order to verify the server certificate; thus specify TLS_CACERT, or let the client not have to verify the server certificate, which is not advisable.

-Dieter

-- 
Dieter Klünter | Systems Consulting
sip: [email protected]
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
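Added example, not part of the thread or of OpenLDAP itself: a POSIX shell script that builds a throwaway CA and server certificate with openssl, performs the chain check a client with TLS_REQCERT demand and a correct TLS_CACERT enforces (and shows it failing against a CA the client does not know), and writes the .ldaprc the reply recommends instead of a bare TLS_REQCERT allow. All file paths and certificates are constructed stand-ins for the cacert.pem and servercrt.pem named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: shows the check a client performs when
# TLS_REQCERT is 'demand' and TLS_CACERT names the right CA, and why
# 'TLS_REQCERT allow' alone lets a missing or wrong CA go unnoticed.
# All keys and certificates are constructed locally with openssl; no server
# is contacted. Paths are stand-ins for the thread's cacert.pem/servercrt.pem.
set -eu
WORK=$(mktemp -d)

# make_ca PREFIX CN: self-signed CA certificate and key (constructed).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# make_server_cert CA_PREFIX CN OUT_PREFIX: server certificate signed by the CA.
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$3.key" -out "$3.csr" >/dev/null 2>&1
  openssl x509 -req -in "$3.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$3.pem" >/dev/null 2>&1
}

# verify_server_cert CAFILE SERVERCERT: the chain check TLS_REQCERT demand
# enforces; succeeds only if CAFILE contains the CA that signed SERVERCERT.
verify_server_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# write_ldaprc PATH CAFILE: the hardened client config the reply calls for,
# replacing a bare 'TLS_REQCERT allow'.
write_ldaprc() {
  printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$2" > "$1"
}

# Demonstration: the real CA verifies the server certificate, an unrelated
# CA does not, and 'allow' would have masked exactly that failure.
make_ca "$WORK/cacert" "Test CA"
make_ca "$WORK/othercacert" "Unrelated CA"
make_server_cert "$WORK/cacert" "ldap.test" "$WORK/servercrt"
if verify_server_cert "$WORK/cacert.pem" "$WORK/servercrt.pem"; then
  echo "trusted CA: server certificate verifies"
fi
if ! verify_server_cert "$WORK/othercacert.pem" "$WORK/servercrt.pem"; then
  echo "wrong CA: verification fails (TLS_REQCERT allow would ignore this)"
fi
write_ldaprc "$WORK/ldaprc" "$WORK/cacert.pem"
cat "$WORK/ldaprc"
```

Because ldapsearch reads ~/.ldaprc per user, a CA file only readable by root or only named in root's configuration reproduces the thread's symptom where root connects and another user does not; the same verify_server_cert check run as that user shows whether the CA file is usable.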
