I have also I have revised my /etc/ldap.conf on the client to read:
uri ldaps://LBSD2.summitnjhome.com/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password crypt
I have also tried using
uri ldap://LBSD2.summitnjhome.com/
with the same results as before. thanks again.
On Sun, Nov 28
Hi Eric,
Sorry I am clear on that now. I have tried the -h value that matches
the one in the cert, but I get the same result, unfortunately:
[r...@vircent03:~]#ldapsearch -h LBSD2.summitnjhome.com -b
"dc=summitnjhome,dc=com" -Z -D "cn=Manager,dc=summitnjhome,dc=com"
"(objectclass=sudoRole)" -W
On 28/11/10 18.51, bluethundr wrote:
Yes the hostname is in the CN of the cert file. So I agree that -h is
not the issue. :)
[r...@vircent03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -Z
-D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W
Maybe I didn't make myself clear:
Hi Eric and John
Thanks for your input..
> As mentioned in my previous mail, there is no need to specify
> TLSCACertificateFile in > > slapd.conf unless your server will request client
> certificate for authentication. Nor is there > any point in trying multiple
> files, you can concatenate t
Don't know if this applies, but I had to install the intermediate cert to get
the godaddy Certs to work. You can download it from the gd website.
-- John
Sent from my iPhone, so may be a bit brief.
On Nov 25, 2010, at 11:26, bluethundr wrote:
> Hey list,
>
> I was having a similar SSL/openLD
On 25/11/10 17.26, bluethundr wrote:
I have setup the certificate chain in my slapd.conf like so:
[r...@lbsd2:/usr/home/bluethundr]#grep -i tls
/usr/local/etc/openldap/slapd.conf## TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/cacerts/LBSD2.
Hey list,
I was having a similar SSL/openLDAP problem to this last week. I had
a chance to look at this again today and it still appears to not be
working. I called godaddy and had the last cert cancelled and reissued
as I had mis-typed the name of the CN on the last one.
I am trying to setup a
