An “improved” ldap.conf (with no ssl/TLS) for RHAS5

===============
# http://www.padl.com
base dc=vuw,dc=ac,dc=nz
pam_password md5
BASE dc=vuw,dc=ac,dc=nz
TLS_REQCERT never
uri ldap://ldap.vuw.ac.nz/
ssl no
tls_cacertdir /etc/openldap/cacerts
===============

Trying TLS with,

===============
#ssl setup
# http://www.padl.com
base dc=vuw,dc=ac,dc=nz
pam_password md5
BASE dc=vuw,dc=ac,dc=nz
TLS_REQCERT allow
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls
uri ldap://ldap.vuw.ac.nz/
tls_cacertdir /etc/openldap/cacerts
===============

Produces this error,

[root@vuwunicoadmin01 etc]# ldapsearch -x -ZZ '(uid=jonesst1)'
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate

Which is an interesting error…..

regards

Steven
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
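Added example, not part of the original post: a small check that compares the server names in the posted TLS configuration with the names a certificate covers, which is the comparison behind "hostname does not match CN in peer certificate". The function names are hypothetical and both certificates are constructed samples in the `ssl.getpeercert()` dict layout; the post does not say what the real certificate's CN was.

```python
from urllib.parse import urlparse

# TLS-related lines copied from the second ldap.conf in the message above.
LDAP_CONF = """\
base dc=vuw,dc=ac,dc=nz
TLS_REQCERT allow
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls
uri ldap://ldap.vuw.ac.nz/
"""

# Constructed sample certificates (assumptions, not taken from the post).
MISMATCH_CERT = {"subject": ((("commonName", "dirsrv01.example.internal"),),)}
MATCH_CERT = {"subjectAltName": (("DNS", "ldap.vuw.ac.nz"),)}

def configured_hosts(conf_text):
    """Server names the client connects to, taken from 'uri' and 'host' lines."""
    hosts = []
    for line in conf_text.splitlines():
        key, *values = line.split("#", 1)[0].split() or [""]
        if key.lower() == "uri":
            hosts += [urlparse(v).hostname or "" for v in values]
        elif key.lower() == "host":
            hosts += [v.split(":")[0] for v in values]
    return sorted({h.lower() for h in hosts if h})

def cert_names(cert):
    """DNS names the certificate is valid for; SAN dNSName entries win over the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p[0] == "*" and len(p) > 2 and len(p) == len(h):
        return p[1:] == h[1:]
    return p == h

def check(conf_text, cert):
    """Map each configured host to whether the certificate covers that name."""
    names = cert_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in configured_hosts(conf_text)}
```

A `False` entry from `check()` marks a configured name the certificate does not cover, the condition reported by the `-ZZ` search in the post.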