Hello,

I have a central repository of users/groups based on OpenLDAP which is working on a remote LAN (servers share users' credentials and mount their home directories via NFS). They use non-encrypted ldap restricted to the local network.

Now, I have a few servers in our local office and I would like them to authenticate from the remote LDAP server using encryption via ldaps:// (at this stage, without using a client-side certificate).

I have run a similar command as I did on the remote servers, replacing ldap://localldapserver by ldaps://ldap.mycompany.com:

    authconfig --enableldap --enableldapauth --enablecache --enablemkhomedir --ldapserver=ldaps://ldap.mycompany.com --enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256 --updateall

and I put the CA certificate at the right place (either explicitly pointing to it with TLS_CACERT or downloading it to /etc/openldap/cacerts via system-configuration-authentication).

In all my various tests,

    ldapsearch -x

returns the content of the remote LDAP, so I guess that at least the openldap clients are properly configured.

But when I try:

    getent passwd

the command hangs. Same when I try to:

    su - myuser

(I also tried configuring with the system-configuration-authentication UI from a box with GNOME, and also tried authconfig without --enableldaptls.)

So is there anything specific to authentication over ldaps: that I should have done? (As I said, this approach systematically works with plain ldap on this same LDAP server.)

Thanks in advance for your help!

Mathieu

Note: all systems involved are running up-to-date CentOS 5.5