On Thu, 22 Jan 2009, Olf Epler wrote:

Dear colleagues,

for a couple of days I have been trying to switch on the SSL connection
for an LDAP client on SL-5.2 x86_64.
I cleaned this installation so that only x86_64 packages are
installed and also ran yum upgrade.
My server works without any problems with SL-4.2 i386/x86_64,
SL-5.1 i386 and also on port 389 with SL-5.2 x86_64.
openssl097a and openssl-0.9.8b are installed.
As soon as I change to "ldaps://<server>" in ldap.conf, nothing
happens.
"ssl on" in ldap.conf allows "getent passwd" or ldapsearch
but disables console logins. A further login is only possible
as root with ssh.
"ssl tls_start" also doesn't work.
I've recompiled nss_ldap and also pam_ldap - no result.
Because pam works well if I use port 389, I believe something
else must be wrong. Can anybody help?

At least two types of problems were reported with LDAP use at about the time the updates for SL-5.2 came out.

One was related to dbus not being listed in the ignoregroups option, so systems would hang during dbus startup.

Another was related to changes in nss_ldap which changed how ldap.conf was parsed, so previously working configs stopped working, and most of the reported problems were with people using ssl. That may have been related to the port option in the config (or might not).

Using "ldap://<server>" and "ssl tls_start" may work depending on whether your ldap server allows starttls.

If you include a copy of your /etc/ldap.conf (and perhaps the ldap server config) it may all be obvious to those who had the problems last year...

--
/--------------------------------------------------------------------\
| "Computers are different from telephones.  Computers do not ring." |
|       -- A. Tanenbaum, "Computer Networks", p. 32                  |
---------------------------------------------------------------------|
| Jon Peatfield, _Computer_ Officer, DAMTP,  University of Cambridge |
| Mail:  [email protected]     Web:  http://www.damtp.cam.ac.uk/ |
\--------------------------------------------------------------------/
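The reply above suggests trying "ldap://<server>" with StartTLS, which only works if the server advertises the StartTLS extended operation in its rootDSE. The script below is an added example, not code from either poster: it checks that over plain port 389, checks whether port 636 presents a certificate the CA file verifies, and prints the matching nss_ldap/pam_ldap ldap.conf stanza. The keyword nss_ldap's ldap.conf accepts for StartTLS is `ssl start_tls` (with `ssl on` for ldaps:// on 636). The host name ldap.example.org, the CA path and the sample rootDSE output are assumptions made for the example.

```shell
#!/bin/sh
# Added diagnostic for the thread above; not code from the original posters.
# Assumes openldap-clients (ldapsearch) and openssl are installed. The host
# name ldap.example.org and the CA path below are placeholders.

# OID of the StartTLS extended operation (RFC 4511).
STARTTLS_OID="1.3.6.1.4.1.1466.20037"

# supports_starttls LDIF
# Returns 0 if the rootDSE text passed in $1 advertises StartTLS in
# supportedExtension, 1 otherwise.
supports_starttls() {
    printf '%s\n' "$1" | grep -qiFx "supportedExtension: $STARTTLS_OID"
}

# fetch_rootdse HOST
# Anonymous base-scope search of the rootDSE over plain port 389, so the
# answer does not depend on the TLS setup that is being debugged.
fetch_rootdse() {
    ldapsearch -LLL -x -H "ldap://$1/" -b '' -s base supportedExtension
}

# check_ldaps HOST CAFILE
# Opens port 636 with openssl and prints the verification result; a
# "Verify return code: 0 (ok)" line means the CA file matches the server cert.
check_ldaps() {
    openssl s_client -connect "$1:636" -CAfile "$2" </dev/null 2>/dev/null |
        grep 'Verify return code'
}

# ldap_conf_stanza HOST MODE CAFILE
# Prints the nss_ldap/pam_ldap ldap.conf lines for MODE "start_tls"
# (TLS negotiated on port 389) or "ldaps" (TLS from the start on port 636).
ldap_conf_stanza() {
    host=$1; mode=$2; cafile=$3
    case "$mode" in
        start_tls)
            echo "uri ldap://$host/"
            echo "ssl start_tls" ;;
        ldaps)
            echo "uri ldaps://$host/"
            echo "ssl on" ;;
        *)
            echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # With tls_checkpeer yes the CA file must be readable by every process
    # that does lookups (including login), or the connection fails.
    echo "tls_checkpeer yes"
    echo "tls_cacertfile $cafile"
}

# Sample rootDSE answer, constructed for this example (the shape of what an
# OpenLDAP server with StartTLS enabled returns).
SAMPLE_ROOTDSE='dn:
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.20037'

# Live run only when LDAP_HOST is set, e.g.
#   LDAP_HOST=ldap.example.org LDAP_CA=/etc/openldap/cacerts/ca.pem sh ldapcheck.sh
if [ -n "${LDAP_HOST:-}" ]; then
    ca=${LDAP_CA:-/etc/openldap/cacerts/ca.pem}
    rootdse=$(fetch_rootdse "$LDAP_HOST")
    if supports_starttls "$rootdse"; then
        echo "# $LDAP_HOST advertises StartTLS; suggested ldap.conf:"
        ldap_conf_stanza "$LDAP_HOST" start_tls "$ca"
    else
        echo "# $LDAP_HOST does not advertise StartTLS; try ldaps instead:"
        check_ldaps "$LDAP_HOST" "$ca"
        ldap_conf_stanza "$LDAP_HOST" ldaps "$ca"
    fi
fi
```

Run it with LDAP_HOST set to the server in question; the rootDSE query deliberately uses no TLS, so it still answers when the TLS side is what is broken, and `check_ldaps` shows whether the certificate chain verifies against the CA file that `tls_cacertfile` will point at.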
