Ok...
Fixed the SSL issue by adding the server cert to the mac's
keychain and "trusting" it.
See:
http://people.ivec.uwa.edu.au/ashley.chew/fedora-ds/fedora-ds-26072006.html
The above procedure is a bit old, but the general idea works for
Mac OS 10.10.
On 8/19/16 10:59 AM, Janet Houser wrote:
Hi folks,
I've been using 389-ds for about 6 months and have successfully
configured various linux systems as LDAP clients (CentOS, Ubuntu,
openSUSE, etc.).
I'm now trying to connect a Mac system (OS X 10.10) into the LDAP
server and I'm getting a strange error.
From Users & Groups, when I "Join" a "Network Account Server"
and enter the FQDN of my 389-ds server, I'm given the message:
"This server does not provide a secure (SSL) connection. Do you want to continue?"
I've selected "yes" and moved forward with LDAPv3 with LDAP
Mappings set to RFC2307.
Using the mac dscl command, I can query users from the command
line using:
dscl /LDAPv3/FQDN_of_server -read Users/testuser
In the 389 Management Console, under "Encryption", I have "Enable
SSL for this server" and set "Allow client authentication".
The postfix groups I created resolve properly, and changing a test
file to a specific uid / gid will resolve properly to the name/group of
a user in the 389-ds database.
However, when a user tries to change their password, it fails with
a generic "general failure" message. The access log
on the 389-ds ldap server shows the following for the connection:
CONNECT fd=113 slot=113 connection from xxx.xx.xx.218 to
xxx.xx.xx.4
EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
RESULT err=0 tag=120 nentries=0 etime=0
DISCONNECT fd=113 closed - Encountered end of file
I believe the inability to change a user's password is linked to the
fact that the mac isn't speaking to the LDAP server using SSL,
but I'm not sure what I'm missing in the server configuration to
allow the Mac to connect via SSL.
Any hints would be appreciated.
Thanks,
janet
--
389-users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
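As an added example (not from this thread or the 389-ds project), a small Python script that scans 389-ds access-log lines for the signature Janet quotes: a startTLS extended op that returns err=0 and is immediately followed by the client closing the connection with end of file, i.e. the client gave up during the TLS handshake, which is what an untrusted server certificate looks like from the server side. The log sample is constructed; timestamps, the conn= field (which Janet's excerpt omits and the script keys on), the 192.0.2.x addresses and the bind DN are assumed.

```python
import re
from typing import Dict, List

# Constructed 389-ds access-log sample (not from the thread). The field layout
# follows the excerpt in the original post; timestamps, conn= ids, the
# 192.0.2.x addresses and the bind DN are assumed.
SAMPLE_LOG = """\
[19/Aug/2016:10:42:01 -0600] conn=1042 fd=113 slot=113 connection from 192.0.2.218 to 192.0.2.4
[19/Aug/2016:10:42:01 -0600] conn=1042 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[19/Aug/2016:10:42:01 -0600] conn=1042 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[19/Aug/2016:10:42:01 -0600] conn=1042 op=-1 fd=113 closed - Encountered end of file
[19/Aug/2016:10:43:10 -0600] conn=1043 fd=114 slot=114 connection from 192.0.2.57 to 192.0.2.4
[19/Aug/2016:10:43:10 -0600] conn=1043 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[19/Aug/2016:10:43:10 -0600] conn=1043 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[19/Aug/2016:10:43:10 -0600] conn=1043 op=1 BIND dn="uid=testuser,ou=People,dc=example,dc=com" method=128 version=3
[19/Aug/2016:10:43:10 -0600] conn=1043 op=1 RESULT err=0 tag=97 nentries=0 etime=0
[19/Aug/2016:10:43:11 -0600] conn=1043 op=2 UNBIND
[19/Aug/2016:10:43:11 -0600] conn=1043 op=2 fd=114 closed - U1
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # startTLS extended operation (RFC 4511)
CONN_RE = re.compile(r"conn=(\d+) (.*)$")
OP_RE = re.compile(r"op=-?\d+ (\w+)")

def find_aborted_starttls(log_text: str) -> List[dict]:
    """Connections where startTLS returned err=0 and the client then closed with
    EOF before sending any further op: the client abandoned the TLS handshake."""
    conns: Dict[str, dict] = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid, rest = m.groups()
        st = conns.setdefault(cid, {"client": None, "starttls": False,
                                    "tls_ok": False, "ops_after_tls": 0, "eof": False})
        op = OP_RE.search(rest)
        if " connection from " in rest:
            st["client"] = rest.split("connection from ")[1].split()[0]
        elif op and op.group(1) == "EXT" and STARTTLS_OID in rest:
            st["starttls"] = True
        elif op and op.group(1) == "RESULT":
            if st["starttls"] and not st["tls_ok"]:
                st["tls_ok"] = "err=0" in rest    # server accepted; handshake starts now
        elif "closed" in rest:
            st["eof"] = "end of file" in rest
        elif op and st["tls_ok"]:
            st["ops_after_tls"] += 1              # BIND/SRCH etc. prove TLS came up
    return [{"conn": cid, "client": st["client"]} for cid, st in conns.items()
            if st["tls_ok"] and st["eof"] and st["ops_after_tls"] == 0]
```

Calling find_aborted_starttls(SAMPLE_LOG) flags conn 1042 (the aborted handshake) and not conn 1043, which bound and unbound normally over TLS; feed it open("/var/log/dirsrv/slapd-INSTANCE/access").read() on a real server.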