[Fedora-directory-users] TLS Issue
Dharmin Mandalia
dharmin98 at hotmail.com
Thu Jul 24 15:33:24 UTC 2008
Hello Nalin
Many Thanks...
replaced with FQDN instead of 127.0.0.1 and works fine.
Thanks for a quick reply.
Regards
Dharmin
----------------------------------------
> Date: Thu, 24 Jul 2008 11:26:46 -0400
> From: nalin at redhat.com
> To: dharmin98 at hotmail.com
> CC: fedora-directory-users at redhat.com
> Subject: Re: [Fedora-directory-users] TLS Issue
>
> On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
>> I've enabled TLS and am getting below error msg's in /var/log/secure file on Fedora 9, which is my newly configured FDS , if disable TLS , am able to ssh onto the FDS server and with TLS enabled unable to login via ssh.
> [snip]
>> sshd[5487]: nss_ldap: could not search LDAP server - Server is unavailable
> [snip]
>> /etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
> [snip]
>> ssl start_tls
>> tls_checkpeer yes
>> tls_cacertfile /etc/openldap/cacerts/cacert.asc
>> pam_password md5
>> uri ldap://127.0.0.1/
>> tls_cacertdir /etc/openldap/cacerts
>
> If you're using SSL or TLS, the LDAP client library is going to compare
> the names in the certificate that the server uses against the value that
> was given in the client's configuration (in this case "127.0.0.1"), and
> it looks like they're not matching up here.
>
> Typically the certificate uses an actual hostname as a "CN" value in its
> subject, so you'd need to specify the server URI using a hostname rather
> than an IP address to make sure that they match.
>
> If that's not what's going on here, please post a copy of the
> certificate that the server's using so that we can have a look.
>
> HTH,
>
> Nalin
_________________________________________________________________
Time for vacation? WIN what you need- enter now!
http://www.gowindowslive.com/summergiveaway/?ocid=tag_jlyhm
More information about the 389-users
mailing list