Re: LDAP and expired passwords

On Fri, 31 Oct 2008, Filipe Brandenburger wrote:

Hi Filipe; many thanks for your reply.

# grep ^updateref /etc/openldap/slapd.conf

	updateref ldaps://ldap1.cbe.cornell.edu

# openssl x509 -text -in $(grep -i ^tlscertificatefile /etc/openldap/slapd.conf | awk '{print$2}') | grep Subject:

master (line continuations added):
        Subject: C=US, ST=New York, O=Cornell School of Chemical and \
	Biomolecular Engineering/emailAddress=certs@xxxxxxxxxxxxxxx, \
	CN=ldap1.cbe.cornell.edu

slave:
        Subject: C=US, ST=New York, O=Cornell School of Chemical and \
	Biomolecular Engineering/emailAddress=certs@xxxxxxxxxxxxxxx, \
	CN=asimov.cbe.cornell.edu

> What is the issuer of each certificate?

Same on master and all slaves:
        Issuer: O=Cornell School of Chemical and Biomolecular Engineering,
	L=Ithaca, ST=New York, C=US,
	CN=cbe.cornell.edu/emailAddress=certs@xxxxxxxxxxxxxxx

> Could you also send the /etc/ldap.conf of the client where you are
> trying to change the password?

	host asimov.cbe.cornell.edu
	referrals yes
	base dc=cbe,dc=cornell,dc=edu
	ldap_version 3
	binddn cn=kelvin.cbe.cornell.edu,ou=Binddn,dc=cbe,dc=cornell,dc=edu
	bindpw XXXXXXXXX
	timelimit 120
	bind_timelimit 5
	bind_policy soft
	idle_timelimit 3600
	pam_password exop
	nss_base_passwd         ou=People,dc=cbe,dc=cornell,dc=edu?one
	nss_base_shadow         ou=People,dc=cbe,dc=cornell,dc=edu?one
	nss_base_group          ou=Group,dc=cbe,dc=cornell,dc=edu?one
	nss_base_hosts          ou=Hosts,dc=cbe,dc=cornell,dc=edu?one
	nss_base_services       ou=Services,dc=cbe,dc=cornell,dc=edu?one
	nss_base_networks       ou=Networks,dc=cbe,dc=cornell,dc=edu?one
	nss_base_protocols      ou=Protocols,dc=cbe,dc=cornell,dc=edu?one
	nss_base_rpc            ou=Rpc,dc=cbe,dc=cornell,dc=edu?one
	nss_base_ethers         ou=Ethers,dc=cbe,dc=cornell,dc=edu?one
	nss_base_netmasks       ou=Networks,dc=cbe,dc=cornell,dc=edu?ne
	nss_base_bootparams     ou=Ethers,dc=cbe,dc=cornell,dc=edu?one
	nss_base_aliases        ou=Aliases,dc=cbe,dc=cornell,dc=edu?one
	nss_base_netgroup       ou=Netgroup,dc=cbe,dc=cornell,dc=edu?one
	ssl start_tls
	tls_checkpeer yes
	tls_cacertdir /etc/openldap/cacerts
	tls_ciphers TLSv1

-Steve
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
