Re: Central authentication using 389 DS

William Brown <wbrown@xxxxxxx> · Mon, 2 Sep 2019 09:43:14 +1000

> On 2 Sep 2019, at 00:17, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:
> 
> Hi,
> 
> I've just completed a detailed blog article series about central
> authentication using 389 Directory Server. It's in French, and I
> published it on my tech blog.

Thanks, this is great!

> 
>  * https://www.microlinux.fr/389-ds-centos-7/

I already sent feedback about this in a previous email. 

> 
>  * https://www.microlinux.fr/389-ds-utilisateurs-centos-7/

> 
>  * https://www.microlinux.fr/389-ds-tls-centos-7/
> 
>  * https://www.microlinux.fr/opensuse-leap-15-1-389-ds/

I'm a bit concerned about putting your self signed CA in the system trust store here. You may be better to put this in:

cp ca.crt /etc/openldap/certs/
/usr/bin/c_rehash /etc/openldap/certs/

Then you can use TLS_CACERTDIR /etc/openldap/certs for ldap.conf, and clients like sssd.conf.

Hope that helps, 

> 
> Cheers from the sunny South of France,
> 
> Niki Kovacs
> 
> -- 
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Mail : info@xxxxxxxxxxxxx
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx