LDAP authentication on a remote server (via ldaps://)




Hello,

I have a central repository of users/groups based on OpenLDAP which is
working on a remote LAN (servers share user credentials and mount
their home directories via NFS). They use non-encrypted ldap
restricted to the local network.

Now, I have a few servers in our local office and I would like them to
authenticate from the remote LDAP server using encryption via
ldaps://.
(at this stage, without using a client-side certificate)

I have run a command similar to the one I used on the remote servers,
replacing ldap://localldapserver with ldaps://ldap.mycompany.com:
authconfig --enableldap --enableldapauth --enablecache \
  --enablemkhomedir --ldapserver=ldaps://ldap.mycompany.com \
  --enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256 \
  --updateall

and I put the CA certificate in the right place
(either explicitly pointing to it with TLS_CACERT or downloading it to
/etc/openldap/cacerts via system-configuration-authentication).

In all my various tests,
ldapsearch -x
returns the content of the remote LDAP, so I guess that at least
openldap clients are properly configured.

But when I try:
getent passwd
the command hangs.

Same when I try to:
su - myuser

(I also tried configuring with the system-configuration-authentication
UI from a box with GNOME, and also tried authconfig without
--enableldaptls)

So is there anything specific to authentication over ldaps:// that I should have done?
(as I said, this approach systematically works with plain ldap on this
same LDAP server)

Thanks in advance for your help!

Mathieu

Note: all systems involved are running up to date CentOS 5.5
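
An added example, not part of the original post: a small static check for an nss_ldap-style client configuration that flags the combination requested by the authconfig line above (an ldaps:// server together with --enableldaptls). It assumes the nss_ldap directive names (uri, ssl, tls_cacertfile, tls_cacertdir) and that --enableldaptls is written out as "ssl start_tls"; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check of an nss_ldap/pam_ldap-style client config.
# Assumption: directives follow the nss_ldap format (uri, ssl, tls_cacertfile,
# tls_cacertdir), as found in /etc/ldap.conf on CentOS 5.

# Print the last value given for directive $1 in file $2 (comments are skipped
# because a commented line's first field never equals the bare directive name).
conf_get() {
    awk -v key="$1" 'tolower($1) == key { v = $2 } END { if (v != "") print v }' "$2"
}

# Print one finding per line; return 0 when nothing was flagged, 1 otherwise.
check_ldap_tls_conf() {
    conf=$1; rc=0
    uri=$(conf_get uri "$conf")
    ssl=$(conf_get ssl "$conf")
    cafile=$(conf_get tls_cacertfile "$conf")
    cadir=$(conf_get tls_cacertdir "$conf")
    case "$uri" in
        ldaps://*)
            # ldaps:// is TLS from the first byte; StartTLS upgrades a plain
            # ldap:// session, so asking for both is contradictory.
            if [ "$ssl" = "start_tls" ]; then
                echo "CONFLICT: ldaps:// uri combined with 'ssl start_tls'"; rc=1
            fi ;;
        ldap://*)
            if [ "$ssl" != "start_tls" ]; then
                echo "PLAINTEXT: ldap:// uri without 'ssl start_tls'"; rc=1
            fi ;;
        *)  echo "NO_URI: no ldap:// or ldaps:// uri directive"; rc=1 ;;
    esac
    if [ -z "$cafile" ] && [ -z "$cadir" ]; then
        echo "NO_CA: neither tls_cacertfile nor tls_cacertdir is set"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $uri"; fi
    return "$rc"
}

# Constructed sample: ldaps:// server plus start_tls and no CA setting.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'base dc=mycompany,dc=com' \
        'uri ldaps://ldap.mycompany.com/' 'ssl start_tls' > "$f"
    check_ldap_tls_conf "$f"; status=$?
    rm -f "$f"
    return "$status"
}

demo || echo "demo config was flagged (exit status $?)"
```

On CentOS 5, nss_ldap reads /etc/ldap.conf, which is separate from the /etc/openldap/ldap.conf used by ldapsearch, so the check is meant to be run against the former.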