Hello Nalin
Many Thanks...
replaced with FQDN instead of 127.0.0.1 and works fine.
Thanks for a quick reply.
Regards
Dharmin
----------------------------------------
Date: Thu, 24 Jul 2008 11:26:46 -0400
From: nalin(a)redhat.com
To: dharmin98(a)hotmail.com
CC: fedora-directory-users(a)redhat.com
Subject: Re: [Fedora-directory-users] TLS Issue
On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
> I've enabled TLS and am getting below error msg's in /var/log/secure file on
Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS
server and with TLS enabled unable to login via ssh.
[snip]
> sshd[5487]: nss_ldap: could not search LDAP server - Server is unavailable
[snip]
> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
[snip]
> ssl start_tls
> tls_checkpeer yes
> tls_cacertfile /etc/openldap/cacerts/cacert.asc
> pam_password md5
> uri ldap://127.0.0.1/
> tls_cacertdir /etc/openldap/cacerts
If you're using SSL or TLS, the LDAP client library is going to compare
the names in the certificate that the server uses against the value that
was given in the client's configuration (in this case "127.0.0.1"), and
it looks like they're not matching up here.
Typically the certificate uses an actual hostname as a "CN" value in its
subject, so you'd need to specify the server URI using a hostname rather
than an IP address to make sure that they match.
If that's not what's going on here, please post a copy of the
certificate that the server's using so that we can have a look.
HTH,
Nalin
_________________________________________________________________
Time for vacation? WIN what you need- enter now!
http://www.gowindowslive.com/summergiveaway/?ocid=tag_jlyhm