Hi,

Please ignore the previous post, I will go shoot myself.... I was testing with two clients and had the ca.crt on one but was working on the other, so it is not surprising it did not work.... Doh..... So once I scp'd over the file, both rhas4 clients work.... Doh.....

My final /etc/ldap.conf looks like this:

# http://www.padl.com
URI ldap://ldap.vuw.ac.nz
#host 130.195.87.249
base dc=vuw,dc=ac,dc=nz
#ssl no
#ssl on
pam_password md5
#HOST 130.195.87.249
BASE dc=vuw,dc=ac,dc=nz
#tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/ca.crt
TLS_REQCERT allow
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls

The access log shows this while doing an ssh into the (LDAP) client:

[root at vuwunicvfdsm001 logs]# tail -f access
[18/Sep/2007:06:15:14 +1200] conn=2370 op=-1 fd=74 closed - B1
[18/Sep/2007:06:15:18 +1200] conn=2376 fd=71 slot=71 connection from 130.195.87.250 to 130.195.87.249
[18/Sep/2007:06:15:18 +1200] conn=2376 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[18/Sep/2007:06:15:18 +1200] conn=2376 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[18/Sep/2007:06:15:18 +1200] conn=2376 SSL 256-bit AES
8><---------

So this is now all correct?

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272
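The question at the end of the post ("is this now all correct?") can be answered from the access log itself: for a given connection you want to see the startTLS extended operation (OID 1.3.6.1.4.1.1466.20037), a RESULT with err=0 for that same op, and then the "SSL ..." line before any BIND, otherwise the client's password went over the wire in the clear. The script below is an added example, not code from the post or from the directory server project: it parses the access-log format quoted above, groups lines by conn, and classifies each connection. The first five sample lines are the ones quoted in the post; the conn=2380 lines are constructed here to show the failure mode where StartTLS is refused and the client binds anyway.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# OID of the LDAP StartTLS extended operation (RFC 4511 / RFC 4513).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# Sample access-log lines. Lines for conn=2370 and conn=2376 are quoted from
# the post above; the conn=2380 lines are constructed to show a client whose
# StartTLS request fails (err=1) and which then binds without TLS.
SAMPLE_LOG = """\
[18/Sep/2007:06:15:14 +1200] conn=2370 op=-1 fd=74 closed - B1
[18/Sep/2007:06:15:18 +1200] conn=2376 fd=71 slot=71 connection from 130.195.87.250 to 130.195.87.249
[18/Sep/2007:06:15:18 +1200] conn=2376 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[18/Sep/2007:06:15:18 +1200] conn=2376 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[18/Sep/2007:06:15:18 +1200] conn=2376 SSL 256-bit AES
[18/Sep/2007:06:20:01 +1200] conn=2380 fd=72 slot=72 connection from 130.195.87.251 to 130.195.87.249
[18/Sep/2007:06:20:01 +1200] conn=2380 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[18/Sep/2007:06:20:01 +1200] conn=2380 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[18/Sep/2007:06:20:01 +1200] conn=2380 op=1 BIND dn="uid=user1,dc=vuw,dc=ac,dc=nz" method=128 version=3
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
CONN_RE = re.compile(r"connection from (?P<src>\S+) to (?P<dst>\S+)")
EXT_RE = re.compile(r'op=(?P<op>-?\d+) EXT oid="(?P<oid>[^"]+)"')
RESULT_RE = re.compile(r"op=(?P<op>-?\d+) RESULT err=(?P<err>\d+)")
SSL_RE = re.compile(r"^SSL (?P<cipher>.+)$")
BIND_RE = re.compile(r"op=(?P<op>-?\d+) BIND ")


@dataclass
class ConnState:
    """What we learned about one connection from its log lines, in order."""
    src: Optional[str] = None          # client address from the "connection from" line
    starttls_op: Optional[int] = None  # op number of the startTLS EXT request
    starttls_err: Optional[int] = None # err code of the RESULT for that op
    cipher: Optional[str] = None       # text after "SSL " once TLS is negotiated
    cleartext_binds: int = 0           # BIND operations seen before any SSL line
    tls_binds: int = 0                 # BIND operations seen after the SSL line

    def status(self) -> str:
        # Worst finding first: a BIND without TLS exposes the credential.
        if self.cleartext_binds:
            return "cleartext_bind"
        if self.starttls_err not in (None, 0):
            return "starttls_failed"
        if self.cipher:
            return "tls_ok"
        return "no_tls"


def parse_access_log(text: str) -> Dict[int, ConnState]:
    """Group access-log lines by conn id and track the StartTLS/BIND sequence."""
    conns: Dict[int, ConnState] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-connection line (e.g. server start-up banner)
        st = conns.setdefault(int(m.group("conn")), ConnState())
        rest = m.group("rest")
        if (cm := CONN_RE.search(rest)):
            st.src = cm.group("src")
        elif (em := EXT_RE.search(rest)) and em.group("oid") == STARTTLS_OID:
            st.starttls_op = int(em.group("op"))
        elif (rm := RESULT_RE.search(rest)) and st.starttls_op is not None \
                and int(rm.group("op")) == st.starttls_op and st.starttls_err is None:
            st.starttls_err = int(rm.group("err"))
        elif (sm := SSL_RE.match(rest)):
            st.cipher = sm.group("cipher")
        elif BIND_RE.search(rest):
            # Order matters: the SSL line must precede the BIND for it to be protected.
            if st.cipher:
                st.tls_binds += 1
            else:
                st.cleartext_binds += 1
    return conns


def summarize(conns: Dict[int, ConnState]) -> Dict[int, str]:
    """Map each conn id to its classification."""
    return {conn: st.status() for conn, st in sorted(conns.items())}


if __name__ == "__main__":
    parsed = parse_access_log(SAMPLE_LOG)
    for conn, status in summarize(parsed).items():
        st = parsed[conn]
        print(f"conn={conn} src={st.src} status={status} cipher={st.cipher}")
```

For the post's own conn=2376 this reports tls_ok with cipher "256-bit AES", which is the confirmation the author is asking for. Run against a full access log, any connection classified cleartext_bind identifies a client whose pam_ldap/nss_ldap configuration is not enforcing StartTLS (TLS_REQCERT allow on its own does not make the client abort when TLS fails); those are the hosts to fix.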