To answer a few questions,
Searching for anything about ldap.conf in Google gave me a lot of OpenLDAP-specific stuff. Sorry to have to post to this mailing list, but I figure that if I'm having this much trouble getting this to work, then there is a good chance others are too.
I've tried a few combinations of these and none have worked for me.
TLS_CACERT is pointing to CACert's root certificate.
Here is the current tail of my ldap.conf file.
TLS_CACERT /etc/pki/tls/certs/cacert.org-root.txt
TLS_CACERT_DIR /etc/pki/tls/certs
TLS_REQCERT allow
uri ldaps://rhds.example.com:636/
ssl no
#tls_cacertdir /etc/pki/tls/certs
pam_password ssha
Interestingly enough, it worked after doing the following.
cat /etc/pki/tls/certs/cacert.org-root.txt >> /etc/pki/tls/cert.pem
This is the symlink to ca-bundle.crt
My fear with this is that I'll run a yum -y update on all my servers, and then nobody will be able to log in anywhere.
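An added example, not code from the thread: a small POSIX sh audit of an ldap.conf-style client file, covering the two settings that decide whether ldaps:// actually verifies the server. TLS_REQCERT allow (as in the tail posted above) tells the client to keep going when the server certificate cannot be validated, so the CA file is never really enforced; TLS_REQCERT demand makes a valid chain to the named CA mandatory. Keeping the CA in the file named by TLS_CACERT, rather than appended to the system bundle behind cert.pem, is also what makes the setting auditable from the config alone. The two sample configs and the placeholder CA file are constructed inside the script; the placeholder is not a real certificate.

```shell
#!/bin/sh
# Added example (not from the thread): audit an ldap.conf-style file for
# the TLS settings discussed above. Sample files are constructed below.

# Value of the first line whose key matches (case-insensitive).
# Commented keys such as "#tls_cacertdir" do not match because "#" is
# part of the first word.
ldap_conf_get() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# 0 when TLS_REQCERT is demand/hard. With allow, try or never the client
# keeps talking to a server whose certificate failed validation.
ldap_reqcert_ok() {
    case "$(ldap_conf_get "$1" TLS_REQCERT)" in
        demand|hard) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 when TLS_CACERT names a readable PEM file. A CA that only lives in
# the system bundle (cert.pem -> ca-bundle.crt) is invisible here.
ldap_cacert_ok() {
    f="$(ldap_conf_get "$1" TLS_CACERT)"
    [ -n "$f" ] && [ -r "$f" ] && grep -q 'BEGIN CERTIFICATE' "$f"
}

# Print one line per check; return 0 only when both checks pass.
ldap_tls_audit() {
    rc=0
    if ldap_reqcert_ok "$1"; then
        echo "OK   TLS_REQCERT enforces the server certificate"
    else
        echo "WEAK TLS_REQCERT=$(ldap_conf_get "$1" TLS_REQCERT): server cert not enforced"
        rc=1
    fi
    if ldap_cacert_ok "$1"; then
        echo "OK   TLS_CACERT points at a readable PEM file"
    else
        echo "WEAK TLS_CACERT missing or unreadable"
        rc=1
    fi
    return $rc
}

# Constructed sample files; the CA content is a placeholder, not a certificate.
SAMPLE_DIR="$(mktemp -d)"
SAMPLE_CA="$SAMPLE_DIR/cacert.org-root.txt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$SAMPLE_CA"

# Mirrors the posted tail: TLS_REQCERT allow ignores validation failures.
SAMPLE_WEAK="$SAMPLE_DIR/ldap.conf.weak"
cat > "$SAMPLE_WEAK" <<EOF
TLS_CACERT $SAMPLE_CA
TLS_REQCERT allow
uri ldaps://rhds.example.com:636/
ssl no
#tls_cacertdir /etc/pki/tls/certs
EOF

# Hardened variant: demand a certificate that chains to the named CA.
SAMPLE_FIXED="$SAMPLE_DIR/ldap.conf.fixed"
sed 's/^TLS_REQCERT allow$/TLS_REQCERT demand/' "$SAMPLE_WEAK" > "$SAMPLE_FIXED"

ldap_tls_audit "$SAMPLE_WEAK" || true
ldap_tls_audit "$SAMPLE_FIXED"
```

Run it as-is to see the weak config flagged and the hardened one pass; point ldap_tls_audit at a real /etc/ldap.conf or /etc/openldap/ldap.conf to check a host. The script reads only the config keys and the CA file; it does not connect to the directory server.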
From: Jean-Noel Chardron <Jean-Noel.Chardron@xxxxxxxxxxxx>
To: General discussion list for the 389 Directory server project. <fedora-directory-users@xxxxxxxxxx>
Sent: Wednesday, June 24, 2009 1:19:36 PM
Subject: Re: [389-users] Trouble using self signed certificates.
David Christensen wrote:
>
> I was having a similar issue yesterday, everything worked until I
> appended more then one CA to the file in /etc/openldap/cacerts, then it
> kept failing until I limited it to one CA. Are you
> using a single CA?
>
The client authenticates to a server with a single authority, so why try to install two or more? Otherwise you must use one file per CA in the directory,
unless you are speaking of a CA chain.
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users