To answer a few questions, searching for anything about ldap.conf in Google gave me a lot of OpenLDAP-specific stuff. Sorry to have to post into this mailing list, but I figure that if I'm having this much trouble getting this to work, then there is a good chance others are too.

I've tried a few combinations of these and none have worked for me. TLS_CACERT is pointing to CACert's root certificate. Here is the current tail of my ldap.conf file.

TLS_CACERT /etc/pki/tls/certs/cacert.org-root.txt
TLS_CACERT_DIR /etc/pki/tls/certs
TLS_REQCERT allow
uri ldaps://rhds.example.com:636/
ssl no
#tls_cacertdir /etc/pki/tls/certs
pam_password ssha

Interestingly enough, it worked after doing the following.

cat /etc/pki/tls/certs/cacert.org-root.txt >> /etc/pki/tls/cert.pem

This is the symlink to ca-bundle.crt. My fear with this is that I'll run a yum -y update on all my servers, and then nobody will be able to log in anywhere.

________________________________
From: Jean-Noel Chardron <Jean-Noel.Chardron at dr15.cnrs.fr>
To: General discussion list for the 389 Directory server project. <fedora-directory-users at redhat.com>
Sent: Wednesday, June 24, 2009 1:19:36 PM
Subject: Re: [389-users] Trouble using self signed certificates.

David Christensen wrote:
>
> I was having a similar issue yesterday, everything worked until I
> appended more than one CA to the file in /etc/openldap/cacerts, then it
> kept failing until I limited it to one CA. Are you
> using a single CA?
>
The client authenticates to a server with a single authority, so why try to install two or more? Otherwise you must use one file per CA in the directory, unless you mean a CA chain.

--
389 users mailing list
389-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
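As an added example (not code from this thread or from the 389 project): a small POSIX sh lint for the TLS_* lines of an ldap.conf and the CA file they point at, run against a constructed copy of the configuration above. It assumes awk and grep are available; the keyword list is the core set from ldap.conf(5), and the sample "certificate" is a base64 placeholder, not a real CA.

```shell
#!/bin/sh
# Added example, not code from the thread. Lints the TLS_* lines of an
# ldap.conf and the CA file they reference. SAMPLE_DIR content is constructed;
# the "certificate" is a base64 placeholder, not a real CA.

# Number of PEM certificate blocks in a file; 0 if it is missing or not PEM.
count_pem_certs() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Effective TLS_REQCERT policy; ldap.conf(5) defaults to "demand" when unset.
tls_reqcert_policy() {
    awk 'tolower($1)=="tls_reqcert" {p=tolower($2)} END {print (p=="" ? "demand" : p)}' "$1"
}

# Exit 0 only if a failed CA check aborts the session. With "never" or "allow"
# the connection proceeds even when the server certificate is bad, so a
# successful login does not prove the CA file is being used at all.
verifies_server_cert() {
    case "$(tls_reqcert_policy "$1")" in
        never|allow) return 1 ;;
        *)           return 0 ;;
    esac
}

# TLS_* keywords outside the core set defined in ldap.conf(5).
unknown_tls_keywords() {
    awk 'toupper($1) ~ /^TLS_/ {print toupper($1)}' "$1" |
        grep -vx -e TLS_CACERT -e TLS_CACERTDIR -e TLS_CERT -e TLS_KEY \
                 -e TLS_CIPHER_SUITE -e TLS_RANDFILE -e TLS_REQCERT -e TLS_CRLCHECK || true
}

lint_ldap_conf() {
    ca=$(awk 'toupper($1)=="TLS_CACERT" {print $2}' "$1")
    echo "TLS_CACERT $ca holds $(count_pem_certs "$ca") PEM certificate(s)"
    echo "TLS_REQCERT policy: $(tls_reqcert_policy "$1")"
    verifies_server_cert "$1" || echo "WARNING: bad server certificates are tolerated"
    for k in $(unknown_tls_keywords "$1"); do
        echo "WARNING: $k is not a keyword in ldap.conf(5); check the spelling"
    done
}

# Constructed sample mirroring the configuration in the message above.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=' \
    '-----END CERTIFICATE-----' > "$SAMPLE_DIR/ca.pem"
printf 'TLS_CACERT %s/ca.pem\nTLS_CACERT_DIR /etc/pki/tls/certs\nTLS_REQCERT allow\nuri ldaps://rhds.example.com:636/\n' \
    "$SAMPLE_DIR" > "$SAMPLE_DIR/ldap.conf"
lint_ldap_conf "$SAMPLE_DIR/ldap.conf"
```

On the sample it reports one certificate in the CA file, a TLS_REQCERT policy of allow, and flags TLS_CACERT_DIR as a keyword ldap.conf(5) does not define.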