RE: [Fedora-directory-users] TLS Issue

Date: Thu, 24 Jul 2008 11:26:46 -0400 From: nalin(a)redhat.com To: dharmin98(a)hotmail.com CC: fedora-directory-users(a)redhat.com Subject: Re: [Fedora-directory-users] TLS Issue On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote: > I've enabled TLS and am getting below error msg's in /var/log/secure file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh. [snip] > sshd[5487]: nss_ldap: could not search LDAP server - Server is unavailable [snip] > /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :- [snip] > ssl start_tls > tls_checkpeer yes > tls_cacertfile /etc/openldap/cacerts/cacert.asc > pam_password md5 > uri ldap://127.0.0.1/ > tls_cacertdir /etc/openldap/cacerts If you're using SSL or TLS, the LDAP client library is going to compare the names in the certificate that the server uses against the value that was given in the client's configuration (in this case "127.0.0.1"), and it looks like they're not matching up here. Typically the certificate uses an actual hostname as a "CN" value in its subject, so you'd need to specify the server URI using a hostname rather than an IP address to make sure that they match. If that's not what's going on here, please post a copy of the certificate that the server's using so that we can have a look. HTH, Nalin