RE: problems with LDAP TLS and nss_ldap on 5.2.1

2004-06-09 Thread David Daugherty
 -----Original Message-----
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 [EMAIL PROTECTED]
 Sent: Tuesday, June 08, 2004 6:27 AM
 ... running /etc/rc.d/slapd start doesn't even start the 
 server but doesn't complain either. So I have no clue what's 
 going wrong and right now I have to run the server without TLS.
I had the same problem with slapd not reporting any errors on start. So I
added the line:
local4.*                /var/log/ldap.log
to my /etc/syslog.conf to have it log out everything going on. This helped.

---

[EMAIL PROTECTED]
DataSphere - Databases, back end web programming and networking
317.536.1858
ICQ: 21106703

The only thing necessary for evil to triumph is for good men to do
nothing.
- Edmund Burke 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


problems with LDAP TLS and nss_ldap on 5.2.1

2004-06-08 Thread mkes
I have upgraded our LDAP server to 5.2.1Release running openldap-2.1.30 
server/client + pam_ldap-1.6.9 + nss_ldap-1.204_5.  The previous 
configuration (openldap20-2.0.25_4 + nss_ldap-1.204_1 + pam_ldap-1.6.1) 
was running OK on FreeBSD 5.1R.

After the upgrade I have 2 major problems. 

1) I'm not able to make the LDAP server work with TLS. 
The previous installation worked fine but I haven't properly backed up TLS 
certificates and I had to generate them again using the approach described 
at http://www.openldap.org/faq/data/cache/185.html 
As soon as I add these TLS options to the slapd.conf:

# TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile   /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile  /usr/local/etc/openldap/servercrt.pem

... running /etc/rc.d/slapd start doesn't even start the server but 
doesn't complain either. So I have no clue what's going wrong and right 
now I have to run the server without TLS.


2) The second problem is with nss_ldap. 
I have installed the server first, loaded data to the directory, tried 
some searches etc. Everything worked OK (except for the TLS). Normally, the 
startup of the server takes about 1 second. As soon as I install nss_ldap 
(at the very moment I run make install on that port) the startup time of 
the ldap server slows down to 30+ seconds and I also experienced cases 
when it didn't start at all. If I deinstall the nss_ldap the server 
startup is quick again.


Any ideas of what can be wrong in either case would be really welcome. 

Thanks

Mira
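
As an added example (not part of either message, and not OpenLDAP's own tooling): a small POSIX sh check that reads the TLS directives from a slapd.conf like the one above and reports unreadable files, a key file with no private key in it, and a cipher string that names SSLv2. The function names, finding labels and dummy PEM files are made up for illustration, and the sample assumes servercrt.pem holds only a certificate, which the thread does not state.

```sh
#!/bin/sh
# Added example, not from the thread: pre-flight check of slapd.conf TLS settings.

# Print the first argument of a directive (keyword match is case-insensitive).
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Print one finding per line; no output means nothing was flagged.
check_slapd_tls() {  # $1 = path to slapd.conf
    conf=$1
    for d in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        f=$(directive "$conf" "$d")
        if [ -z "$f" ]; then echo "UNSET $d"; continue; fi
        [ -r "$f" ] || { echo "UNREADABLE $d $f"; continue; }
        if [ "$d" = TLSCertificateKeyFile ]; then
            # The key file must actually hold a private key...
            grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || echo "NOKEY $d $f"
            # ...and slapd.conf(5) says it must not be password protected.
            if grep -q ENCRYPTED "$f"; then echo "ENCRYPTEDKEY $d $f"; fi
        else
            grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || echo "NOCERT $d $f"
        fi
    done
    # SSLv2 is obsolete and insecure; flag any cipher string that names it.
    suite=$(directive "$conf" TLSCipherSuite)
    case $suite in *SSLv2*) echo "WEAK TLSCipherSuite $suite" ;; esac
    return 0
}

# Constructed sample: the TLS lines from the thread, with dummy PEM files.
# Assumption: servercrt.pem holds only a certificate (the thread does not say).
make_sample() {  # $1 = existing empty directory
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$1/cacert.pem"
    cp "$1/cacert.pem" "$1/servercrt.pem"
    cat > "$1/slapd.conf" <<EOF
# TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile   $1/cacert.pem
TLSCertificateFile $1/servercrt.pem
TLSCertificateKeyFile  $1/servercrt.pem
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && check_slapd_tls "$tmp/slapd.conf"
rm -rf "$tmp"
```

Running it against the real /usr/local/etc/openldap/slapd.conf before starting slapd complements the local4 syslog line suggested in the reply, which shows what slapd itself reports at startup.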