[CentOS] LDAP and expired passwords

Filipe Brandenburger filbranden at gmail.com
Sat Nov 1 19:26:26 UTC 2008


Hi Steve,

On Sat, Nov 1, 2008 at 09:30, Steve Thompson <smt at vgersoft.com> wrote:
>> # grep ^updateref /etc/openldap/slapd.conf
>
>        updateref ldaps://ldap1.cbe.cornell.edu

If you are using "ssl start_tsl" you have to use ldap:// and not
ldaps:// in your referrals, otherwise LDAP client will try to open a
TLS session inside the connection which is already a SSL session. If
you change that in your configuration file, it should work fine.

Alternatively you could use ldaps:// on the clients instead, by using
"ssl on" or "uri ldaps://..." instead of "host ...".

HTH,
Filipe


More information about the CentOS mailing list