
RE: openldap - SSL/TLS - authentification unix



Hi,

"Broussard Philippe" <philippe.broussard@e-qual.fr> writes:

> Thanks for the answer but I don't understand what you mean by : the DN
> ???
[...]
> Hi,
>
> "Broussard Philippe" <philippe.broussard@e-qual.fr> writes:
>
>> Hi,
>>
>>
>>
>> I want to authenticate my users when they are logging on to a Linux station
>> I use pam_ldap and nss_ldap (the tarball not the package), openldap
>> 2.1.17, openssl 0.9.7 and debian 3.0
>>
>> I start the server ldap with : 
>> 	slapd -h "ldap://127.0.0.1:389 ldaps://127.0.0.1:636"
>>
>> In the file : var/log/auth.log, I have these lines
>>
>> Aug 14 10:56:43 squid login[7986]: pam_ldap:
>> ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT): Unknown error
>> Aug 14 10:56:43 squid login[7986]: pam_ldap: _set_ssl_default_options
>> failed
>> Aug 14 10:56:43 squid login[7986]: pam_ldap: ldap_simple_bind Can't
>> contact LDAP server
>
> With what DN did you create your server certificate?

You are trying to establish a TLS session and the certificate can't be
read. That is mostly because of a wrong server DN in the certificate.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de