Zhi-Wei Lu wrote:
> 2. Turn on ssl and add the nss_initgroups_ignoreusers line, the message
> bus was fine and system rebooted, but ldap query is still not working
> via ldaps, therefore, the latest nss_ldap_253-12 breaks something.

Instead of "ldaps" (as in LDAP over SSL), we use starttls (plaintext connection that is converted to SSL after a while) -- our LDAP servers are configured in such a way that they won't talk to you unless you access them over a secure channel. I've tried changing the settings to ldaps (and indeed the machines talked to slapd at port 636), but saw no difference.

Anyway, a dump of the configuration that *works* for me with a recent nss_ldap on a 32-bit SL5 box is at http://dev.gentoo.org/~jkt/ldap/sl5/ , perhaps you can spot a difference against your setup.

These are the packages I use (and whose version might matter here):

openldap-clients-2.3.27-8.el5_1.3.i386
openssl-0.9.8b-8.3.el5_0.2.i686
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386
nss_db-2.2-35.3.i386
openssh-4.3p2-42.sl5.i386
nss-3.11.7-1.3.el5.i386
openldap-2.3.27-8.el5_1.3.i386
pam-0.99.6.2-3.26.el5.i386
openssh-server-4.3p2-42.sl5.i386
nss-tools-3.11.7-1.3.el5.i386
nss_ldap-253-12.el5.i386

Cheers,
-jkt
