Paolo Ercolani wrote:

Hi. I'm new to this list and I've been really fighting with directory server for a week. I followed some howtos and downloaded a lot of documents, but I can't get out of trouble.

I need to log in from my Linux boxes against the LDAP directory server. If I try to use my test user in clear mode, I can do that. The problem is when I try to configure a self-signed certificate. I won't describe all the tests I've done, I'll tell you just the last one!

I created my cacert.pem on the LDAP server and I installed it from the console. That works and it's OK. Then I used openssl to generate a private key and a certificate request, then I signed it. This is what I did:

    openssl genrsa -out privkey.pem 2048
    openssl req -new -key privkey.pem -out PEM.csr
    openssl ca -cert cacert.pem -in PEM.csr -out cert.pem

I copied cacert.pem, privkey.pem and cert.pem to the client and I configured ldap.conf on it:

    URI ldaps://<ldapserver>:636
    BASE ou=UTENTI,o=postel,c=com
    host kingu.postel.com
    TLS_REQCERT allow
    TLS_CHECKPEER yes
    TLS_CACERTDIR /etc/ssl
    TLS_CACERT /etc/ssl/cacert.pem
    TLS_CERT /etc/ssl/cert.pem
    TLS_KEY /etc/ssl/privkey.pem

I activated SSL on my LDAP server and I installed my cacert.pem on it. I didn't do anything else.

I also tried to generate a certificate request from directory server and to sign it with my cacert.pem. Then I imported it as my server-cert. It imported it, but login still didn't go.

>I'm unclear on this last step. What do you mean by login still didn't go? Because the access log excerpt below
>would seem to indicate that the os did search for and find the login name.

Yes. Reading the logs, it seems the login goes OK. But my client can't really log in and I don't know what I can check. The client asks me again for the password, but I'm sure it's the right one.

Do you have any ideas about what to check?

Thanks in advance.

Paolo.