On 17.04.20 at 15:59 Clayvahn Hunt wrote: > First, I need to say that the documentation for Leap 15.1, although good, is not (IMO) as good as the documentation at: http://www.port389.org/docs/389ds/howto/quickstart.html Seconded. For some reason there are other examples, introducing some other typos and missing some things that the upstream documentation has. > Once I learned how to use the ds commands (the quickstart examples are *very* illuminating (like how to use the "modify" clause of dsidm (the WHOLE modify clause needs to be a string (not clear (IMO) in the openSUSE docs)))), I learned that on openSUSE (my experience anyway), I need to *include* the basedn in every call (*none* of the documentation I have read refers to including the basedn between the command and the instance name (example: sudo dsidm -b dc=aeho,dc=lan localhost user list)). I have been informed that the basedn should be set in the .dsrc file - *and it is*, yet I still need to include the basedn in every dsidm call. Hmm, for creation of new users I have to add the full thing, but for "user list" or "user get" I can omit the basedn. > ****Here's my .dsrc:**** > > [localhost] > #uri = ldaps://localhost I had to change "localhost" to the server's hostname, otherwise the certificate name will not match. > *This **works** as cert checking is disabled (thanks W. Brown)*: LDAPTLS_REQCERT=never ldapwhoami -v -H ldaps://localhost -D uid=huncl01,ou=people,dc=aeho,dc=lan -W -x Can you try again without ignoring the certificate, but specify the server'sFQDN instead of localhost? > However, I'd like to test authentication *with* TLS security (downstream processes will require *real* authentication), and this call > sudo LDAPTLS_CACERT=/etc/dirsrv/slapd-localhost/ca.crt ldapwhoami -v -H ldaps://localhost -D uid=huncl01,ou=people,dc=aeho,dc=lan -W -x (with or without sudo) > Can you try again without ignoring the certificate, but specify the server'sFQDN instead of localhost? Kind Regards, Johannes -- Johannes Kastl Linux Consultant & Trainer Tel.: +49 (0) 151 2372 5802 Mail: kastl@xxxxxxxxxxxxx B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg http://www.b1-systems.de GF: Ralph Dehner Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
