Hello Nalin Many Thanks... replaced with FQDN instead of 127.0.0.1 and works fine. Thanks for a quick reply. Regards Dharmin ---------------------------------------- > Date: Thu, 24 Jul 2008 11:26:46 -0400 > From: nalin at redhat.com > To: dharmin98 at hotmail.com > CC: fedora-directory-users at redhat.com > Subject: Re: TLS Issue > > On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote: >> I've enabled TLS and am getting below error msg's in /var/log/secure file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh. > [snip] >> sshd[5487]: nss_ldap: could not search LDAP server - Server is unavailable > [snip] >> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :- > [snip] >> ssl start_tls >> tls_checkpeer yes >> tls_cacertfile /etc/openldap/cacerts/cacert.asc >> pam_password md5 >> uri ldap://127.0.0.1/ >> tls_cacertdir /etc/openldap/cacerts > > If you're using SSL or TLS, the LDAP client library is going to compare > the names in the certificate that the server uses against the value that > was given in the client's configuration (in this case "127.0.0.1"), and > it looks like they're not matching up here. > > Typically the certificate uses an actual hostname as a "CN" value in its > subject, so you'd need to specify the server URI using a hostname rather > than an IP address to make sure that they match. > > If that's not what's going on here, please post a copy of the > certificate that the server's using so that we can have a look. > > HTH, > > Nalin _________________________________________________________________ Time for vacation? WIN what you need- enter now! http://www.gowindowslive.com/summergiveaway/?ocid=tag_jlyhm
