Jo,
make sure you are using ldapsearch -x -ZZ (if doing anon binds). Cap Zs.
Also, I couldn't just copy/paste/import the /tmp/ssl_enable.ldif from the wiki. I had
to make sure the line nsSSL3Ciphers: has no breaks in it (basically shift J in vi),
otherwise the import fails.
That and make sure you've ssl turned on in /etc/ldap.conf on the client's side.
--- Jo De Troy <jo.de.troy(a)gmail.com> wrote:
Hi Jamie,
thanks for the info. I'm trying to set up SSL now. I'm following the SSL
howto posted on the wiki. It seems like it's not totally accurate; I get a
failure when importing the LDIFs mentioned in the document. Seems like I
cannot add the attributes
nsslapd-security and nsslapd-ssl-check-hostname.
I think SSL is set up now but I cannot seem to get it working with ldapsearch
-zz, I keep getting
ldap_start_tls: Connect error (-11)
additional info: Start TLS request accepted.Server willing to
negotiate SSL.
I guess I need to point my ldap.conf to the CA certificate for trust. Which
file is holding the CA certificate? I can however log in on port 636 as
Directory Manager when using ldapbrowser
(http://www.mcs.anl.gov/~gawor/ldap/).
Another question I have wrt password history: it seems like the history
entries are all using crypt. I thought they would be using the same
encryption as set up for the userpassword (e.g. md5), or is there a particular
reason for using crypt?
Thanks again,
Jo
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
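
The line-break problem with nsSSL3Ciphers mentioned in the reply above can be checked for before an import is attempted. This is an added example, not part of the original thread or the wiki howto; the function names and the sample LDIF (with a shortened, constructed cipher list) are assumptions for illustration.

```shell
#!/bin/sh
# Added example. An LDIF continuation line must start with one space
# (RFC 2849); a line wrapped by copy/paste has none and breaks the import.

# Lines that may legitimately start an LDIF line: blank, comment, folded
# continuation, "-" separator, or "attr:" / "attr::" / "attr:<".
LDIF_OK='^$|^[# ]|^-$|^[A-Za-z][A-Za-z0-9;.-]*:'

# check_ldif_wraps FILE: print "LINENO: text" for each suspect line,
# exit status 1 if any were found.
check_ldif_wraps() {
    awk -v ok="$LDIF_OK" '
        $0 !~ ok { printf "%d: %s\n", NR, $0; bad = 1 }
        END      { exit bad }
    ' "$1"
}

# join_ldif_wraps FILE: append each suspect line to the line before it
# (the same repair as joining the lines in an editor); result on stdout.
join_ldif_wraps() {
    awk -v ok="$LDIF_OK" '
        NR == 1  { buf = $0; next }
        $0 ~ ok  { print buf; buf = $0; next }
                 { buf = buf $0 }
        END      { if (NR) print buf }
    ' "$1"
}

# Constructed sample: the cipher list is shortened and wrapped the way a
# browser copy might wrap it. Not the wiki's actual file.
write_sample() {
    cat > "$1" <<'EOF'
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_3des_sha,
+rsa_fips_3des_sha
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_ldif_wraps "$sample" || echo "wrapped line(s) found, joined form:"
join_ldif_wraps "$sample"
rm -f "$sample"
```

Joining inserts nothing between the pieces, which suits a comma-separated cipher list; a wrapped value that contained spaces should be checked by hand after joining.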