[CentOS] LDAP useradd command?

Eric B. ebenze at hotmail.com
Tue Aug 18 16:50:03 UTC 2009


"Bill Campbell" <centos at celestial.com> wrote in 
message news:20090818153023.GA23290 at ayn.mi.celestial.com...
>>>> Any ideas where I might be able to find some
>>>> help for it?  I enabled full logging on my OpenLDAP server, and I
>>>> see it
>>>> failing with TLS negotiaiton for some reason, even when I don't want
>>>> it to
>>>> use TLS.
>>>
>>> 'man libuser.conf' worked well for me. from this doc you will learn
>>> that libuser requires either TLS or a ldaps:// URI.
>>
>>I've read through libuser.conf and the specific for ldap server says:
>>"A domain name or an URI of the LDAP server. The URI can use the ldap or 
>>the
>>ldaps protocol. When a simple domain name is used, the connection fails if
>>TLS can not be used; an URI using the ldap protocol allows connection
>>without TLS. Default value is ldap."
>>
>>My libuser.conf reads:
>>server    ldap://snoopy.domain.com/
>>
>>According to the man pages, this should allow for the connection without
>>TLS.
>
> Which man pages?
>
> As I read it, the libuser.conf file specifically says that it
> requires TLS which can connect to the ldap: URL, then requests a
> secure connection.  It sounds pretty sane to me that it requires
> a secure LDAP connection to handle user maintenance.

libuser.conf man page says that "a URI using the ldap protocol allows 
connection without TLS".  I specified my server to be:
server = ldap://snoopy.domain.com./

but still seems to fail on TLS.

So, just to be on the safe side, I generated a self-signed certificate for 
the OpenLDAP server (am using the default one that is installed in 
/etc/pki/tls/certs/.  I restarted the openldap server, and tested it using 
Apache Directory Studio with TLS enabled.  Works fine.

I then tried my luseradd command, but it still fails with the same errors 
negotiating the TLS certificate.  I even tried modifying the /etc/ldap.conf 
file:
tls_checkpeer   no
tls_reqcert     never

but it still seems to fail with the same TLS error.

Any suggetsions / ideas?

Thanks!

Eric










More information about the CentOS mailing list