
Re: fedora and openldap



On Wed, 13 Apr 2011, Judith Flo Gaya wrote:

> I see, I also have those files that you mention... I created my own CA as lots of tutorials explain... Then I transmitted it to the clients and used it in the ldap.conf file. Do you suggest that I send those to the server and use them instead of the ones I generated with openssl?

Well, you'll need the CA on the client to match the CA that signed the server's certificate. In other words...if you generated your own CA for both the client and the server, trust issues would be completely expected...

> What's your server?

OpenLDAP software is on both sides of the equation; it's just that some clients are NSS, some clients are OpenSSL, some clients are GnuTLS, while ALL servers are OpenSSL.

> Well, my final problem was not ldapsearch but the user authentication. The ldapsearch showed the whole ldap definitions, but if I try to ssh with an ldap user to the machine, I get some TLS negotiation problem ;( That's when I was told that the problem may be caused by the implementation of the ldap client (with moznss support).

Well, when troubleshooting, it's often easiest to look with a narrow scope. Using OpenLDAP software, such as ldapsearch(1) and ldapwhoami(1), will probably offer a better debugging platform than an ssh implementation? One step at a time...
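The two points made in this reply (the client's CA file must be the CA that actually signed the server's certificate, and check the narrow thing first before involving ssh/PAM) can be demonstrated offline with the openssl CLI. The script below is an added example, not code from the thread or from the OpenLDAP project; it assumes only that `openssl` is installed, and every CA, key, certificate and host name in it is constructed in a temporary directory (ldap.example.test is a placeholder).

```sh
#!/bin/sh
# Added example (not from the thread). It builds two throwaway CAs, issues a
# server certificate from one of them, and runs the same chain check a TLS
# client performs when ldap.conf's TLS_CACERT points at a CA file.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA: $1 = output prefix, $2 = CA common name.
# The CSR is self-signed via 'x509 -req -signkey' with an explicit extension
# file so the result carries CA:TRUE on every OpenSSL release.
make_ca() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$1.ext"
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
        -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# Issue a server certificate signed by a CA:
# $1 = CA prefix, $2 = output prefix, $3 = server common name (constructed).
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# Chain check: $1 = CA file a client trusts, $2 = server certificate.
# Returns 0 when the server cert chains to that CA, 1 otherwise.
check_trust() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "ok:   $2 chains to $1"
        return 0
    else
        echo "FAIL: $2 does not chain to $1"
        return 1
    fi
}

main() {
    make_ca "$WORK/my-ca" "CA generated on the client"
    make_ca "$WORK/server-ca" "CA that signed the server"
    make_server_cert "$WORK/server-ca" "$WORK/ldap" "ldap.example.test"

    # Client trusts the CA that really signed the server: verification passes.
    check_trust "$WORK/server-ca.crt" "$WORK/ldap.crt"

    # Client trusts a CA it generated itself: verification fails. This is the
    # trust failure that surfaces as a "TLS negotiation problem" higher up the
    # stack, and it is reproducible without ssh or PAM in the picture.
    check_trust "$WORK/my-ca.crt" "$WORK/ldap.crt" || true

    # Against a real server the equivalent narrow-scope checks would be
    # (host name is a placeholder, not run here):
    #   openssl s_client -connect ldap.example.test:636 -CAfile /path/to/ca.crt
    #   ldapwhoami -x -ZZ -H ldap://ldap.example.test -d 1
}

if command -v openssl >/dev/null 2>&1; then
    main
else
    echo "openssl not installed; skipping demo" >&2
fi
```

Running it prints one "ok" line and one "FAIL" line. The second case is exactly the situation described earlier in the thread: a CA created locally on the client cannot validate a server certificate that some other CA issued, however valid that certificate is on its own.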