Re: CentOS7: Setting up ldap over TLS in kickstart file




Thanks Paul and Gordon for your reply.

I'm not sure, but I think the problem is setting up ldap+TLS while the certificates are not uploaded on the server. So I decided to set up LDAP in a "post" section only, adding the "--enablesssd --enablesssdauth" options suggested by Gordon too.

In the kickstart file:

    auth  --useshadow --passalgo=sha512

In a post section:

    #  LDAP setup
    authconfig --enableldap --enableldapauth --enablesssd --enablesssdauth --ldapserver="ldaps://my.ldap.server" --ldapbasedn=dc=my,dc=local,dc=dn --update
    # Certificate upload
    cd /etc/openldap/cacerts/ && wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt
    # Server public key upload
    cd /etc/openldap/cacerts/ && wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/server.crt
    cd /
    #  TLS setup
    authconfig --enableldaptls --update

And this works fine. The certificate bundle seems to be accepted (I've also tried to split the file, no change) and the last command builds the hashes of the certificates too.

My last problem is that
 firstboot --disabled
doesn't seem to work in my config but...

Thanks for your helpful suggestions about sssd and certificates.


Patrick

--
===================================================================
|  Equipe M.O.S.T.         |                                      |
|  Patrick BEGOU           | mailto:Patrick.Begou@xxxxxxxxxxxxxxx |
|  LEGI                    |                                      |
|  BP 53 X                 | Tel 04 76 82 51 35                   |
|  38041 GRENOBLE CEDEX    | Fax 04 76 82 52 71                   |
===================================================================

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
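
The %post section above fetches the CA bundle and server certificate over plain HTTP straight into /etc/openldap/cacerts/, so whatever arrives becomes the trust anchor for ldaps://. The following is an added example, not part of Patrick's message: a helper that installs a downloaded certificate only if its SHA-256 matches a value pinned in the kickstart file. The function names and the pin placeholder are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original post): pin CA material fetched in %post.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_pinned_cert SRC EXPECTED_SHA256 DESTDIR  (hypothetical helper)
# Copies SRC into DESTDIR only if its SHA-256 matches the pinned value.
# Returns 0 on install, 1 on digest mismatch, 2 on a missing file or directory.
install_pinned_cert() {
    src=$1; expected=$2; destdir=$3
    [ -f "$src" ] && [ -d "$destdir" ] || return 2
    # Normalise case so a pin pasted as upper-case hex still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$src") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "REJECT $(basename "$src"): got $actual, pinned $expected" >&2
        return 1
    fi
    # Install read-only; a mismatched file never reaches the trust directory.
    install -m 0444 "$src" "$destdir/$(basename "$src")" || return 2
}

# Use in the %post section (the pin is a placeholder to be filled in from a
# trusted copy of the bundle; the download goes to a scratch directory first):
#   tmp=$(mktemp -d)
#   wget -O "$tmp/ca-bundle.crt" http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt
#   install_pinned_cert "$tmp/ca-bundle.crt" "<PINNED_SHA256_PLACEHOLDER>" /etc/openldap/cacerts || exit 1
#   authconfig --enableldaptls --update
```

Downloading to a scratch directory matters here because `authconfig --enableldaptls --update` rehashes everything present in the cacerts directory, including a file that failed the check if it had been written there directly.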



