[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: fedora and openldap

To: Judith Flo Gaya <jflo@imppc.org>
Subject: Re: fedora and openldap
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Wed, 13 Apr 2011 14:00:56 -0400 (EDT)
Cc: "richm@stanfordalumni.org" <richm@stanfordalumni.org>, Rich Megginson <rich.megginson@gmail.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <4DA5BAEE.7060603@imppc.org>
References: <4D9B87A2.8040400@imppc.org> <201104091723.01247.harry.jede@arcor.de> <4DA2CE65.70006@imppc.org> <201104111314.34875.harry.jede@arcor.de> <4DA4876E.7000907@imppc.org> <38ACE42D42C9413E24A03D6F@[192.168.1.2]> <4DA4A479.70404@imppc.org> <4DA4ACCD.4010501@gmail.com> <4DA4B394.6060107@imppc.org> <4DA4B514.1020404@gmail.com> <4DA582B7.5070907@imppc.org> <4DA5A137.6020007@gmail.com> <4DA5B2E3.7010407@imppc.org> <4DA5B521.8050908@gmail.com> <4DA5BAEE.7060603@imppc.org>
User-agent: Alpine 2.00 (SOC 1167 2008-08-23)

On Wed, 13 Apr 2011, Judith Flo Gaya wrote:

As the server is a rhel6 its openldap is compiled against openssl, theclients are using openldap with moznss, so it looks like I'll be forcedto recompile everything to either moznss or openssl but it looks veryvery complicated.

My experience differs. I know that I have F14 clients (and probablyothers; clients are largely out of my scope) using NSS, even though Idon't have NSS on the servers. I'm not sure if somewhere in this threadyou mentioned that you were (or weren't) using generally-respectedcommercial CAs? We do, and a working F14 client has:


[/etc/openldap/ldap.conf says] TLS_CACERT /etc/pki/tls/cert.pem

and /etc/pki/tls/cert.pem is a symlink to "certs/ca-bundle.crt" which has,unsurprisingly, a bunch of CA certs--I note no base64 encoding. Apparentlythese are both provided by a Fedora "ca-certificates" package.

All this is to say...I've seen the OpenLDAP NSS client work at least once,via ldapsearch(1), even though it's not the TLS implementation on theserver side.

Follow-Ups:
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>

References:
- fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: harry.jede@arcor.de
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: harry.jede@arcor.de
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>

Prev by Date: Solaris10+openldap+nss_ldap+pam_ldap=nightmare
Next by Date: differing behavior of ldapsearch
Index(es):
- Chronological
- Thread