Hello, following the related parts of slapd.conf:

    TLSCACertificateFile /usr/etc/openldap/CA/cacert.pem
    TLSCertificateFile /usr/etc/openldap/CA/sacert.pem
    TLSCertificateKeyFile /usr/etc/openldap/CA/sackey.pem

The server runs as follows:

    /usr/libexec/slapd -u ldap -h ldap:/// ldaps:///

Normally the port 389 (ldap:///) is closed.

and ldap.conf:

    base dc=organization,dc=com
    uri ldaps://ldap_server.organizatiom.com
    sizelimit 0
    bind_policy soft
    tls_cacert /usr/etc/openldap/CA/cacert.pem
    tls_checkpeer yes    -> new
    ssl yes

The file cacert.pem is a self signed certificate I created together with
sacert.pem and the key file sakey.pem.

As I already wrote - exactly the same configuration works without any
problems on different installations including SL-5.1. Therefore it's not
clear for me why I have now to set the port option because I use uri!

Regards,
Olf Epler

>
> At least two types of problems were reported with ldap use at about the
> time that the updates for sl52 came out.
>
> One was related to dbus not being listed as an ignoregroups option and so
> systems would hang during dbus startup.
>
> Another was related to changes in nss_ldap which changes how the
> ldap.conf was being parsed - so previously working configs stopped - and
> most of the reported problems were with people using ssl. That may have
> been related to the port option in the config (or might not).
>
> Using "ldap://<server>" and "ssl tls_start" may work depending on whether
> your ldap server allows starttls.
>
> If you include a copy of your /etc/ldap.conf (and perhaps the ldap server
> config) it may all be obvious to those who had the problems last year...
>
> --
> /--------------------------------------------------------------------\
> | "Computers are different from telephones. Computers do not ring."  |
> |       -- A. Tanenbaum, "Computer Networks", p. 32                  |
> ---------------------------------------------------------------------|
> | Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge  |
> | Mail: [email protected]     Web: http://www.damtp.cam.ac.uk/        |
> \--------------------------------------------------------------------/
>

----------------------------------------------------------
Olf Epler                     phone: +49 30 2093-7804
Humboldt University Berlin    fax:   +49 30 2093-7642
Department of Physics
Newtonstr. 15
12489 Berlin                  email: [email protected]
----------------------------------------------------------
