Re: LDAP and expired passwords


Hi,

On Fri, Oct 31, 2008 at 18:32, Steve Thompson <smt@xxxxxxxxxxxx> wrote:
>> Does the common name in the certificate or the x509 v3 extensions match
>> the hostname used in the referral in your slapd.conf?  Is the
>> certificate issued by the ldap server you are being referred to signed
>> by a trusted CA?
>
> Yes to both.

Are you sure?

What is the output of this command on your slave LDAP server?
# grep ^updateref /etc/openldap/slapd.conf

What is the output of this command on both of them, master and slave?
# openssl x509 -text -in $(grep -i ^tlscertificatefile /etc/openldap/slapd.conf | awk '{print$2}') | grep Subject:

What is the issuer of each certificate?
# openssl x509 -text -in $(grep -i ^tlscertificatefile /etc/openldap/slapd.conf | awk '{print$2}') | grep Issuer:

Could you also send the /etc/ldap.conf of the client where you are
trying to change the password? You can strip the commented and blank
lines:
# grep -v -e ^# -e ^$ /etc/ldap.conf

Using SSL on OpenLDAP is really tricky, I've been through it recently
and the configuration is not easy at all... If you send that info it
might be easier to track down the problem.

Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
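
The comparison the commands in this message set up by eye (the host in the slave's updateref against the names in the master's certificate), as an added sketch that is not part of the original post. It goes one step beyond the Subject grep by also reading subjectAltName DNS entries and a leftmost-label wildcard; the function names and example.com hosts are hypothetical.

```shell
# Added example, not from the original message. All sample data is constructed.

# Host of the first updateref URI in slapd.conf text on stdin.
updateref_host() {
    awk 'tolower($1) == "updateref" {
        uri = tolower($2); gsub(/"/, "", uri)
        sub("^[a-z]+://", "", uri)      # drop ldap:// or ldaps://
        sub("[:/].*$", "", uri)         # drop :port and any trailing path
        print uri; exit }'
}

# Subject CN and subjectAltName DNS entries from `openssl x509 -noout -text` on stdin.
cert_names() {
    awk '/^ *Subject:/ && match($0, "CN *= *[^,/]+") {
             cn = substr($0, RSTART, RLENGTH)
             sub("^CN *= *", "", cn); sub(" +$", "", cn); print tolower(cn) }
         /DNS:/ { n = split($0, p, ",")
             for (i = 1; i <= n; i++) if (match(p[i], "DNS:[^ ]+"))
                 print tolower(substr(p[i], RSTART + 4, RLENGTH - 4)) }'
}

# True if host $1 equals certificate name $2, or $2 is "*.domain" covering exactly one label.
name_matches() {
    case "$2" in
        \*.*) suffix=${2#\*}            # e.g. ".example.com"
              rest=${1#*.}              # host without its first label
              [ "$1" != "$rest" ] && [ ".$rest" = "$suffix" ] ;;
        *)    [ "$1" = "$2" ] ;;
    esac
}

# $1 = slapd.conf text, $2 = `openssl x509 -noout -text` output.
check_referral() {
    host=$(printf '%s\n' "$1" | updateref_host)
    [ -n "$host" ] || { echo "no updateref directive found"; return 2; }
    names=$(printf '%s\n' "$2" | cert_names)
    while IFS= read -r name; do
        if name_matches "$host" "$name"; then echo "OK: $host matches $name"; return 0; fi
    done <<EOF
$names
EOF
    echo "MISMATCH: $host is not among the certificate names"; return 1
}

# Constructed sample: the referral names ldap1, the certificate was issued to ldap-master.
check_referral 'updateref ldaps://ldap1.example.com:636' \
    'Subject: C=US, O=Example, CN=ldap-master.example.com' || true
```

On a real pair of servers the two arguments would be the slave's slapd.conf contents and the text dump of the master's certificate.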
