An "improved" ldap.conf (with no ssl/TLS) for RHAS5 =============== # http://www.padl.com base dc=vuw,dc=ac,dc=nz pam_password md5 BASE dc=vuw,dc=ac,dc=nz TLS_REQCERT never uri ldap://ldap.vuw.ac.nz/ ssl no tls_cacertdir /etc/openldap/cacerts =============== Trying TLS with, =============== #ssl setup # http://www.padl.com base dc=vuw,dc=ac,dc=nz pam_password md5 BASE dc=vuw,dc=ac,dc=nz TLS_REQCERT allow #TLS_REQCERT never host ldap.vuw.ac.nz ssl start_tls uri ldap://ldap.vuw.ac.nz/ tls_cacertdir /etc/openldap/cacerts =============== Produces this error, [root at vuwunicoadmin01 etc]# ldapsearch -x -ZZ '(uid=jonesst1)' ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate Which is an interesting error..... regards Steven -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20070918/83248a9d/attachment.html
