
RE : SSL + openldap



Hi,

I made the modifications in ldap.conf:
	I have deleted the host line 
	I have used the second line of uri

I can now contact the ldap server, but pam_ldap still doesn't work.
I always get the same error and I don't know why.

Philippe

PS : thanks for the answer


AUTH.LOG
********
Aug 19 12:01:30 squid login[907]: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT): Unknown error
Aug 19 12:01:30 squid login[907]: pam_ldap: _set_ssl_default_options failed

SLAPD LOG
*********
conn=0 fd=13 ACCEPT from IP=127.0.0.1:1085 (IP=127.0.0.1:389)
conn=0 op=0 BIND dn="cn=Root,dc=e-qual,dc=fr" method=128
conn=0 op=0 BIND dn="cn=Root,dc=e-qual,dc=fr" mech=simple ssf=0
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="ou=People,dc=e-qual,dc=fr" scope=2 filter="(&(objectClass=account)(uid=root))"
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=2 BIND anonymous mech=implicit ssf=0
conn=0 op=2 BIND dn="uid=root,ou=People,dc=e-qual,dc=fr" method=128
conn=0 op=2 BIND dn="uid=root,ou=People,dc=e-qual,dc=fr" mech=simple ssf=0
conn=0 op=2 RESULT tag=97 err=0 text=
conn=0 op=3 BIND anonymous mech=implicit ssf=0
conn=0 op=3 BIND dn="cn=Root,dc=e-qual,dc=fr" method=128
conn=0 op=3 BIND dn="cn=Root,dc=e-qual,dc=fr" mech=simple ssf=0
conn=0 op=3 RESULT tag=97 err=0 text=
conn=0 fd=13 closed




-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Bernard
Massot
Sent: Tuesday, 19 August 2003 10:59
To: openldap-software@OpenLDAP.org
Subject: Re: SSL + openldap

On Mon, Aug 18, 2003 at 11:03:14AM +0200, Broussard Philippe wrote:
> I use pam_ldap (tarball) for unix authentication and SSL for secure
> transfer
> 
> Have you an idea about why it doesn't work?
> 
> PS : the ldap server log gave nothing and I start slapd with this
> command
> line : slapd -d 256 -h "ldap://127.0.0.1:389/ ldaps://127.0.0.1:636/"
> 
> LDAP.CONF
> *********
> host XXX.XXX.XXX.XXX
> uri ldap://127.0.0.1/
> uri ldaps://127.0.0.1/
I think the problem is here. First I think you can't use both "host" and
"uri". You should use only "uri" ("host" is deprecated). Then I don't
know if you can use 2 "uri" statements (maybe only the 2nd one is used),
the normal "uri" usage is "uri ldap://foo/ ldaps://bar/ ...".
When using LDAPS, the hostname part of the uri must match the CN of the
certificate, which must be the FQDN of the host. So be sure to have a
right certificate and correct your URIs.
-- 
Bernard Massot
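As an added example (not part of either mail), a small Python checker for the ldap.conf pitfalls Bernard describes: "host" together with "uri", several "uri" lines, and an ldaps URI whose host is an IP literal or does not match the server certificate's CN. The certificate CN squid.e-qual.fr and the corrected config line are assumed values, not taken from the thread.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the poster's ldap.conf as quoted in the thread.
ORIGINAL_CONF = """\
host XXX.XXX.XXX.XXX
uri ldap://127.0.0.1/
uri ldaps://127.0.0.1/
"""
# Corrected form (assumed FQDN squid.e-qual.fr, not from the thread): one 'uri' line.
FIXED_CONF = "uri ldap://squid.e-qual.fr/ ldaps://squid.e-qual.fr/\n"

def parse_ldap_conf(text):
    """Return (keyword, value) pairs; blank lines and '#' comments are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            entries.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return entries

def is_ip_literal(hostname):
    """True if the URI host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False

def lint_ldap_conf(text, cert_cn=None):
    """Return warnings; cert_cn is the server certificate CN the ldaps host must equal."""
    entries = parse_ldap_conf(text)
    keys = [k for k, _ in entries]
    warnings = []
    if "host" in keys and "uri" in keys:
        warnings.append("'host' and 'uri' both set; 'host' is deprecated, keep only 'uri'")
    if keys.count("uri") > 1:
        warnings.append("several 'uri' lines; list every URI on one line, space separated")
    for key, value in entries:
        if key != "uri":
            continue
        for uri in value.split():
            parts = urlsplit(uri)
            if parts.scheme != "ldaps":
                continue  # plain ldap:// does no certificate name check
            hostname = parts.hostname or ""
            if is_ip_literal(hostname):
                warnings.append(f"{uri}: IP literal; the ldaps host must be the FQDN in the certificate CN")
            elif cert_cn is not None and hostname.lower() != cert_cn.lower():
                warnings.append(f"{uri}: host {hostname!r} does not match certificate CN {cert_cn!r}")
    return warnings
```

Running `lint_ldap_conf(ORIGINAL_CONF, cert_cn="squid.e-qual.fr")` reports all three problems, while the single-line FQDN form returns no warnings.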