Thank you both very much! I will take this and report back with my
success.
Mahalo nui loa (Thank you)
John Call
On Feb 28, 2008, at 6:00 AM, dandantheitman wrote:
On 28/02/2008, Jonathan Barber <j.barber@xxxxxxxxxxxx> wrote:
On Wed, Feb 27, 2008 at 04:42:12PM -1000, John Call wrote:
Aloha list,
My university has been authenticating Mac OS X 10.4 clients to FDS
1.04 for about a year now. Things have been working great, as
long as
we keep an eye on the external SASL mechanisms. However, now that
our
staff is deploying the new OS X 10.5 things aren't working. To the
best of our knowledge we have maintained the same client LDAP
configuration from 10.4 to 10.5, but the Apple clients refuse to
authenticate. Has anybody else experienced this?
Are you doing SSL to the ldap? If so, check the clientside SSL
verification. I'm not big on the different Mac OS X versions, so
can't
say when it occured, but for one of the revisions we did see the
default
openldap SSL verification change from "never" to "demand" on the
clients.
I don't think we found a GUI widget to config this behaviour, but you
can via /etc/openldap/ldap.conf like linux.
Jonathon is 100% correct. Starting with OSX Leopard the ldap client
was 'locked down' to make it more secure out of the box. The
TLS_REQCERT = never was revised to TLS_REQCERT = demand.
You either need to make the change on each client in
/etc/openldap/ldap.conf to reset it back to its previous state or you
shall need to do the following:
(01) Copy the cert to the client /etc/openldap/certs
(02) Add the following line to /etc/openldap/ldap.conf:
TLS_CACERT /etc/openldap/certs/bright.newshinycert.com
Dan
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
