
RE : SSL + openldap


I made the modifications in ldap.conf :
	I have deleted the host line 
	I have used the second line of uri

I can now contact the ldap server but pam_ldap still doesn't work,
I always get the same error and I don't know why


PS : thanks for the answer

Aug 19 12:01:30 squid login[907]: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT): Unknown error
Aug 19 12:01:30 squid login[907]: pam_ldap: _set_ssl_default_options

conn=0 fd=13 ACCEPT from IP= (IP=
conn=0 op=0 BIND dn="cn=Root,dc=e-qual,dc=fr" method=128
conn=0 op=0 BIND dn="cn=Root,dc=e-qual,dc=fr" mech=simple ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="ou=People,dc=e-qual,dc=fr" scope=2
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 BIND anonymous mech=implicit ssf=0
conn=0 op=2 BIND dn="uid=root,ou=People,dc=e-qual,dc=fr" method=128
conn=0 op=2 BIND dn="uid=root,ou=People,dc=e-qual,dc=fr" mech=simple
conn=0 op=2 RESULT tag=97 err=0 text=
conn=0 op=3 BIND anonymous mech=implicit ssf=0
conn=0 op=3 BIND dn="cn=Root,dc=e-qual,dc=fr" method=128
conn=0 op=3 BIND dn="cn=Root,dc=e-qual,dc=fr" mech=simple ssf=0
conn=0 op=3 RESULT tag=97 err=0 text=
conn=0 fd=13 closed

-----Original Message-----
From : owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On behalf of Bernard
Sent : Tuesday 19 August 2003 10:59
To : openldap-software@OpenLDAP.org
Subject : Re: SSL + openldap

On Mon, Aug 18, 2003 at 11:03:14AM +0200, Broussard Philippe wrote:
> I use pam_ldap (tarball) for unix authentication and SSL for secure
> transfer
> Have you an idea about why it doesn't work ???
> PS : the ldap server log gave nothing and I start slapd with this
> line : slapd -d 256 -h "ldap:// ldaps://"
> *********
> uri ldap://
> uri ldaps://
I think the problem is here. First, I think you can't use both "host" and
"uri". You should use only "uri" ("host" is deprecated). Then I don't
know if you can use 2 "uri" statements (maybe only the 2nd one is used);
the normal "uri" usage is "uri ldap://foo/ ldaps://bar/ ...".
When using LDAPS, the hostname part of the uri must match the CN of the
certificate, which must be the FQDN of the host. So be sure to have the
right certificate and correct your URIs.
Bernard Massot
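A small lint for the ldap.conf mistakes Bernard describes above (a "host" line next to "uri", several "uri" lines, and ldaps:// hostnames that are missing, not FQDNs, or different from the certificate's CN). This is an added example, not code from the thread or from OpenLDAP; the sample config text and the certificate CN it is compared against are constructed.

```python
"""Lint an OpenLDAP client ldap.conf for the problems discussed in the thread.

Added example, not part of the thread or of OpenLDAP. The certificate CN is
supplied by the caller (e.g. taken from `openssl x509 -noout -subject`) and
hostnames are compared case-insensitively.
"""
from urllib.parse import urlsplit


def parse_ldap_conf(text):
    """Return (key, value) pairs for non-comment lines; keys are lowercased."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        key, *rest = line.split(None, 1)
        entries.append((key.lower(), rest[0].strip() if rest else ''))
    return entries


def lint_ldap_conf(text, cert_cn):
    """Return a list of human-readable findings; an empty list means clean."""
    entries = parse_ldap_conf(text)
    keys = [k for k, _ in entries]
    findings = []
    if 'host' in keys and 'uri' in keys:
        findings.append('both "host" and "uri" are set; drop "host" (deprecated)')
    uri_lines = [v for k, v in entries if k == 'uri']
    if len(uri_lines) > 1:
        findings.append('several "uri" lines; list all servers on one "uri" line')
    for value in uri_lines:
        for uri in value.split():          # one line may carry several URIs
            host = urlsplit(uri).hostname
            if not host:
                findings.append(f'{uri}: no hostname, server cannot be located')
            elif urlsplit(uri).scheme == 'ldaps':
                if '.' not in host:
                    findings.append(f'{uri}: host is not an FQDN')
                if host.lower() != cert_cn.lower():
                    findings.append(f'{uri}: host differs from certificate CN {cert_cn}')
    return findings


# Constructed sample configs: the first mirrors the thread's broken setup.
BAD_CONF = "host ldap\nuri ldap://\nuri ldaps://\n"
GOOD_CONF = ("uri ldap://ldap.example.org/ ldaps://ldap.example.org/\n"
             "TLS_CACERT /etc/openldap/cacert.pem\n")

if __name__ == '__main__':
    for name, conf in (('bad', BAD_CONF), ('good', GOOD_CONF)):
        print(name, lint_ldap_conf(conf, 'ldap.example.org'))
```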