RE: Authenticate Linux on Openldap

If you run authconfig-tui and select the option to use tls, it will tell you
where your openldap's public cert needs to be copied to on your client
(/etc/openldap/cacerts, I believe).  After you put the cert in that
directory, authconfig will set up the necessary symbolic links for that to
work.  Be sure to follow the authconfig wizard carefully, including copying
(or having already copied) the cert before completing the wizard.

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of Virgilio Antonio Araujo
Sent: Thursday, June 04, 2009 11:21 AM
To: redhat-list@xxxxxxxxxx
Subject: Authenticate Linux on Openldap

Hi list, I was configuring an OpenLDAP server for the purpose of having Linux
and Unix clients authenticate on the server. The authentication at the server
works perfectly without TLS. With TLS the connection keeps waiting and doesn't work.
On the server I'm using the following syntax in slapd.conf.
...
TLSCipherSuite          HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCACertificateFile    /etc/openldap/cacerts/server.pem
TLSCertificateFile      /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile   /etc/openldap/cacerts/server.pem
TLSVerifyClient         allow
...

After I copy the client pem to server and modify the /etc/ldap.conf as
above:
...
uri ldaps://spas031elc/
#ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password md5
...

And /etc/openldap/ldap.conf
...
URI ldaps://spas031elc/
BASE dc=elucid,dc=int
TLS_CACERTDIR /etc/openldap/cacerts
...

I follow the documentation at:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS

Has anyone had this problem?
Thanks for help...




-- 
Virgilio Antonio Araujo
-----------------------------
RHCT
LPIC 3
Mandriva
+55(11)8060-9745
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
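
The symbolic links mentioned in the reply are needed because OpenSSL finds a CA in a directory by its subject-hash file name (<hash>.0), not by the name of the PEM file. The script below is an added example, not part of the original thread: it creates that link by hand and checks the result, using a constructed self-signed certificate in a scratch directory that stands in for /etc/openldap/cacerts.

```shell
#!/bin/sh
# Added example (not from the thread). Scratch paths and the CN are constructed.

# link_ca DIR CERT: create DIR/<subject-hash>.0 -> CERT and print the link name.
# This is the file name OpenSSL looks for when it searches a CA directory.
link_ca() {
    hash=$(openssl x509 -noout -hash -in "$1/$2") || return 1
    ln -sf "$2" "$1/$hash.0"
    printf '%s\n' "$hash.0"
}

# verify_with_dir DIR CERT: true only if openssl reports "<file>: OK"
# when DIR is used as the CA directory.
verify_with_dir() {
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'
}

# demo: a PEM file that was only copied into the directory is not found;
# the same file is trusted once its hash link exists.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/cacerts"                 # stands in for /etc/openldap/cacerts
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$work/key.pem" \
        -out "$work/cacerts/server.pem" 2>/dev/null || return 1

    if verify_with_dir "$work/cacerts" "$work/cacerts/server.pem"; then
        before=ok
    else
        before=fail
    fi

    link_ca "$work/cacerts" server.pem >/dev/null || return 1

    if verify_with_dir "$work/cacerts" "$work/cacerts/server.pem"; then
        after=ok
    else
        after=fail
    fi

    rm -rf "$work"
    printf 'before=%s after=%s\n' "$before" "$after"
}

demo    # prints: before=fail after=ok
```

On a real client the directory to check is the one named by tls_cacertdir / TLS_CACERTDIR. The host name in the ldaps:// URI also has to match the name in the server certificate.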
