On Thu, Jun 4, 2009 at 12:21, Virgilio Antonio Araujo <vi.rlz4ever@xxxxxxxxx> wrote:
> Hi list, I was configuring an OpenLDAP server for the purpose of letting Linux and Unix
> clients authenticate on the server. The authentication at the server works perfectly
> without TLS. With TLS the connection keeps waiting and doesn't work.
> On the server I'm using the following syntax in slapd.conf.
> ...
> TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
> TLSCACertificateFile /etc/openldap/cacerts/server.pem
> TLSCertificateFile /etc/openldap/cacerts/server.pem
> TLSCertificateKeyFile /etc/openldap/cacerts/server.pem
> TLSVerifyClient allow
> ...
>
> After that I copied the client pem to the server and modified /etc/ldap.conf as
> above:
> ...
> uri ldaps://spas031elc/
> #ssl start_tls
> tls_cacertdir /etc/openldap/cacerts
> pam_password md5
> ...
>
> And /etc/openldap/ldap.conf
> ...
> URI ldaps://spas031elc/
> BASE dc=elucid,dc=int
> TLS_CACERTDIR /etc/openldap/cacerts
> ...
>
> I followed the documentation at:
> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS
>
> Has someone had this problem?
> Thanks for the help...
>

It has to do with how you generated your key, in many cases. Remember that the key's Common Name (CN) has to be the same address you use to configure it at the clients. In that case, for example, it would be "spas031elc". LDAP clients refuse the connection when the TLS certificate's Common Name doesn't match the hostname used to connect.

Got it? =)

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
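The name check the reply describes, as an added example that is not part of the thread: it pulls the host out of an ldap.conf-style `URI`/`uri` line and decides whether a certificate's names would satisfy an LDAP client, applying the usual rules (subjectAltName entries take precedence, the CN is only a fallback, wildcards cover one left-most label, IP hosts need an iPAddress SAN), which goes a little beyond the CN-only case in the reply. The certificate names are passed in as constructed values rather than parsed from a PEM so it runs offline.

```python
"""Would the hostname in an ldap.conf URI match this server certificate?
Certificate names are supplied as constructed values (copy them from
`openssl x509 -noout -text -in server.pem`); no PEM parsing is done here."""
import ipaddress
from urllib.parse import urlsplit


def ldap_uri_host(conf_text):
    """Return the host of the first uncommented 'URI'/'uri' line, or None.
    Commented lines such as '#ssl start_tls' are skipped automatically."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "uri":
            return urlsplit(parts[1].split()[0]).hostname
    return None


def _name_match(pattern, host):
    """Exact match, or a wildcard that replaces only the whole left-most
    label and still leaves at least two labels ('*.elucid.int', not '*.int')."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    pl, hl = p.split("."), h.split(".")
    return (pl[0] == "*" and len(pl) >= 3 and len(pl) == len(hl)
            and pl[1:] == hl[1:])


def cert_matches_host(host, san_dns=(), san_ip=(), cn=None):
    """Return (ok, reason) for a client connecting to `host`."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP in the URI must appear as an iPAddress SAN; a CN is ignored.
        if any(ip == ipaddress.ip_address(a) for a in san_ip):
            return True, "IP address found in iPAddress SAN"
        return False, "host is an IP address and no iPAddress SAN matches"
    if san_dns:
        # Once dNSName SANs exist, clients do not fall back to the CN.
        if any(_name_match(n, host) for n in san_dns):
            return True, "hostname matches a dNSName SAN"
        return False, "dNSName SANs present but none match %r" % host
    if cn and _name_match(cn, host):
        return True, "no SANs; hostname matches subject CN"
    return False, "no matching name: CN is %r, client connects to %r" % (cn, host)
```

A certificate issued to the machine's FQDN while the clients connect to the short name (or the reverse) is the typical way this check fails.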