
Re: SSL + openldap



On Mon, Aug 18, 2003 at 11:03:14AM +0200, Broussard Philippe wrote:
> I use pam_ldap (tarball) for unix authentication and SSL for secure
> transfer
> 
> Have you an idea about why it doesn't work ???
> 
> PS : the ldap server log gave nothing and I start slapd with this command
> line : slapd -d 256 -h "ldap://127.0.0.1:389/ ldaps://127.0.0.1:636/"
> 
> LDAP.CONF
> *********
> host XXX.XXX.XXX.XXX
> uri ldap://127.0.0.1/
> uri ldaps://127.0.0.1/

I think the problem is here. First, I think you can't use both "host" and
"uri". You should use only "uri" ("host" is deprecated). Then I don't
know if you can use 2 "uri" statements (maybe only the 2nd one is used),
the normal "uri" usage is "uri ldap://foo/ ldaps://bar/ ...".

When using LDAPS, the hostname part of the uri must match the CN of the
certificate, which must be the FQDN of the host. So be sure to have the
right certificate and correct your URIs.
-- 
Bernard Massot
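
An added example, not part of the original message: a small linter that flags the three points raised in the reply above in a pam_ldap `ldap.conf`. The function name `lint_ldap_conf` is hypothetical, and the check assumes, as the reply states, that the certificate CN is the server's FQDN.

```python
import ipaddress
from urllib.parse import urlsplit

# Sample input: the LDAP.CONF lines quoted in the message above.
SAMPLE_CONF = """\
host XXX.XXX.XXX.XXX
uri ldap://127.0.0.1/
uri ldaps://127.0.0.1/
"""

def lint_ldap_conf(text):
    """Return warnings for the points raised in the reply (hypothetical helper)."""
    hosts, uri_lines, warnings = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split()
        key, values = parts[0].lower(), parts[1:]
        if key == "host":
            hosts.append(values)
        elif key == "uri":
            uri_lines.append(values)
    if hosts and uri_lines:
        warnings.append("both 'host' and 'uri' are set; keep only 'uri'")
    if len(uri_lines) > 1:
        warnings.append("%d 'uri' lines; list all URIs on one line" % len(uri_lines))
    for uri in (u for values in uri_lines for u in values):
        parsed = urlsplit(uri)
        if parsed.scheme.lower() != "ldaps":
            continue  # the name check only matters for TLS connections
        name = parsed.hostname or ""
        try:
            ipaddress.ip_address(name)
            is_ip = True
        except ValueError:
            is_ip = False
        if is_ip or "." not in name:
            warnings.append("%s: host %r is not an FQDN, so it cannot match "
                            "a certificate CN that is the server's FQDN" % (uri, name))
    return warnings

if __name__ == "__main__":
    for warning in lint_ldap_conf(SAMPLE_CONF):
        print("WARN:", warning)
```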
