Re: ssl certificate problem

Paolo Ercolani wrote:
Hi. I'm new to this list and for a week I've really been fighting with Directory Server. I followed some howtos and downloaded a lot of documents, but I can't get out of trouble. I need to log in from my Linux boxes to the LDAP directory server. If I try to use my test user in clear mode I can do that. The problem is when I try to configure a self-signed certificate. I'll not describe all the tests I've done, I'll tell you just the last!! I created my cacert.pem on the ldapserver and installed it from the console. It goes and it's ok. Then I used openssl to generate a private key and a certificate request, then I signed it. That's what I did:

   openssl genrsa -out privkey.pem 2048
   openssl req -new -key privkey.pem -out PEM.csr
   openssl ca -cert cacert.pem -in PEM.csr -out cert.pem

I copied cacert.pem, privkey.pem and cert.pem to the client and configured ldap.conf on it:

   URI ldaps://<ldapserver>:636
   BASE ou=UTENTI,o=postel,c=com
   host kingu.postel.com
   TLS_REQCERT allow
   TLS_CHECKPEER yes
   TLS_CACERTDIR /etc/ssl
   TLS_CACERT /etc/ssl/cacert.pem
   TLS_CERT /etc/ssl/cert.pem
   TLS_KEY /etc/ssl/privkey.pem

I activated SSL on my LDAP server and installed my cacert.pem on it. I didn't do anything else. I also tried to generate a certificate request from Directory Server and to sign it with my cacert.pem. Then I imported it as my server-cert. It imported, but login still didn't go.
I'm unclear on this last step. What do you mean by "login still didn't go"? Because the access log excerpt below would seem to indicate that the OS did search for and find the login name.

I followed the manuals I found on directory.fedora.org (managing SSL and SASL), but I saw a lot of documents too.

I think the logs say nothing bad. That's my access log:

   [10/Apr/2007:14:59:54 +0200] conn=15 fd=65 slot=65 SSL connection from <ldap client> to <ldap server>
   [10/Apr/2007:14:59:54 +0200] conn=15 SSL 256-bit AES
   [10/Apr/2007:14:59:54 +0200] conn=15 op=0 BIND dn="" method=128 version=3
   [10/Apr/2007:14:59:54 +0200] conn=15 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
   [10/Apr/2007:14:59:54 +0200] conn=15 op=1 SRCH base="ou=UTENTI,o=postel,c=com" scope=2 filter="(&(objectClass=posixAccount)(uid=utente))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
   [10/Apr/2007:14:59:54 +0200] conn=15 op=1 RESULT err=0 tag=101 nentries=1 etime=0
   [10/Apr/2007:14:59:56 +0200] conn=15 op=2 SRCH base="ou=UTENTI,o=postel,c=com" scope=2 filter="(&(objectClass=posixAccount)(uid=utente))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
   [10/Apr/2007:14:59:56 +0200] conn=15 op=2 RESULT err=0 tag=101 nentries=1 etime=0
   [10/Apr/2007:14:59:56 +0200] conn=15 op=3 SRCH base="ou=UTENTI,o=postel,c=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=utente))" attrs="uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag"
   [10/Apr/2007:14:59:56 +0200] conn=15 op=3 RESULT err=0 tag=101 nentries=1 etime=0
   [10/Apr/2007:14:59:56 +0200] conn=15 op=4 SRCH base="ou=UTENTI,o=postel,c=com" scope=2 filter="(&(objectClass=posixAccount)(uid=utente))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
   [10/Apr/2007:14:59:56 +0200] conn=15 op=4 RESULT err=0 tag=101 nentries=1 etime=0
   [10/Apr/2007:14:59:56 +0200] conn=16 fd=66 slot=66 SSL connection from <ldap client> to <ldap server>

To me it seems it says nothing bad. I can't get out of it and I don't understand what is wrong. The Directory Server version is 1.0.4. I installed it from RPM on Red Hat Enterprise 4.

If I try to log on with URI ldap://<ldapserver> (not SSL!!) it goes and I can authenticate using LDAP!!!

Can anyone help me, please???


Thanks everyone.
Paolo.
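An added example, not from this thread or from the Directory Server project: an offline shell check of the two things an LDAP client verifies on the server certificate when ldap.conf says TLS_REQCERT demand (with allow, as in the configuration above, a failing certificate is tolerated and the TLS handshake still completes, so the access log alone cannot tell you the certificate is good). It builds its own throw-away CA and certificate; every name is constructed, and it assumes openssl is in PATH.

```shell
#!/bin/sh
# Added example, not from the thread: reproduce offline the two checks an LDAP
# client applies to the server certificate when TLS_REQCERT is "demand".
# Assumes openssl in PATH; every name below is constructed for the demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a throw-away CA and a server certificate signed by it, with the
# subject CN given as $1 (constructed PKI, nothing from a real server).
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Test CA" \
        -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/privkey.pem" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/cacert.pem" \
        -CAkey "$WORK/cakey.pem" -CAcreateserial -days 2 \
        -out "$WORK/cert.pem" 2>/dev/null
}

# Check 1 (TLS_CACERT): does the certificate chain to the CA the client trusts?
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2 (hostname): does the subject CN equal the host configured in
# ldap.conf? Clients also accept a matching subjectAltName; CN only here.
cn_matches() {
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
         | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$2" ]
}

# Demo: the chain verifies, but the CN was issued for a different name than
# the one the client connects to, which "demand" rejects and "allow" ignores.
make_demo_pki "ldap-demo.example.test"
chain_ok "$WORK/cacert.pem" "$WORK/cert.pem" && echo "chain: OK" || echo "chain: FAIL"
if cn_matches "$WORK/cert.pem" "ldap.example.test"; then
    echo "hostname: OK"
else
    echo "hostname: MISMATCH (client would refuse under TLS_REQCERT demand)"
fi
```

Run the same two functions against the real cacert.pem, cert.pem and the host line from ldap.conf to see whether the client-side material would survive switching TLS_REQCERT from allow to demand.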




--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
