On Tue, Aug 18, 2009, Eric B. wrote:
>"Steve Huff" <shuff@xxxxxxxxx> wrote in
>message news:3FA0BDAB-B7D0-42B7-8615-5A7FD2F84FBA@xxxxxxxxxxxx
>> On Aug 17, 2009, at 4:51 PM, "Eric B."
>> <ebenze@xxxxxxxxxxx> wrote:
>>
>>> Any ideas where I might be able to find some
>>> help for it? I enabled full logging on my OpenLDAP server, and I
>>> see it failing with TLS negotiation for some reason, even when I
>>> don't want it to use TLS.
>>
>> 'man libuser.conf' worked well for me. from this doc you will learn
>> that libuser requires either TLS or a ldaps:// URI.
>
>I've read through libuser.conf and the specific for ldap server says:
>"A domain name or an URI of the LDAP server. The URI can use the ldap or the
>ldaps protocol. When a simple domain name is used, the connection fails if
>TLS can not be used; an URI using the ldap protocol allows connection
>without TLS. Default value is ldap."
>
>My libuser.conf reads:
>server ldap://snoopy.domain.com/
>
>According to the man pages, this should allow for the connection without
>TLS.

Which man pages? As I read it, the libuser.conf file specifically says
that it requires TLS which can connect to the ldap: URL, then requests a
secure connection.

It sounds pretty sane to me that it requires a secure LDAP connection to
handle user maintenance.

Bill
--
INTERNET: bill@xxxxxxxxxxxxx
Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/
PO Box 820; 6641 E. Mercer Way
Mercer Island, WA 98040-0820
Voice: (206) 236-1676
Fax: (206) 232-9186
Skype: jwccsllc (206) 855-5792

The difference between science and the fuzzy subjects is that science
requires reasoning while those other subjects merely require
scholarship. -- Robert Heinlein
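
An added example, not part of the thread or of libuser: a small audit that reads the `server` setting and reports which transport behaviour the man page excerpt quoted above attributes to it, so a configuration that permits cleartext LDAP for user maintenance can be flagged. The `[ldap]` section name, the `key = value` layout, the sample file and all function names are assumptions; it reports the documented behaviour only, not what a given libuser build actually negotiates.

```python
import re
from urllib.parse import urlparse

# Constructed sample. The [ldap] section and "key = value" layout are assumptions.
SAMPLE_CONF = """\
[defaults]
modules = files shadow

[ldap]
# server = snoopy.domain.com
server = ldap://snoopy.domain.com/
"""

def ldap_server_value(conf_text):
    """Return the last 'server' value set in the [ldap] section, or None."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        # Accept both "server = x" and the "server x" form quoted in the thread.
        setting = re.fullmatch(r"server(?:\s*=\s*|\s+)(\S+)", line)
        if section == "ldap" and setting:
            value = setting.group(1)
    return value

def transport_policy(server):
    """Classify a 'server' value per the man page excerpt quoted in the thread."""
    if server is None:
        server = "ldap"  # quoted default, which is a simple name
    scheme = urlparse(server).scheme.lower() if "://" in server else ""
    if scheme == "ldaps":
        return "tls"                # LDAP over TLS from the first byte
    if scheme == "ldap":
        return "cleartext-allowed"  # connection permitted without TLS
    if scheme:
        return "unsupported-scheme"
    return "tls-required"           # simple name: connection fails without TLS

def audit(conf_text):
    """Return (server value, policy, True if TLS is enforced by the setting)."""
    server = ldap_server_value(conf_text)
    policy = transport_policy(server)
    return server, policy, policy in ("tls", "tls-required")

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```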