[CentOS] LDAP useradd command?
Eric B.
ebenze at hotmail.com
Tue Aug 18 16:50:03 UTC 2009
"Bill Campbell" <centos at celestial.com> wrote in
message news:20090818153023.GA23290 at ayn.mi.celestial.com...
>>>> Any ideas where I might be able to find some
>>>> help for it? I enabled full logging on my OpenLDAP server, and I see it
>>>> failing with TLS negotiation for some reason, even when I don't want it to
>>>> use TLS.
>>>
>>> 'man libuser.conf' worked well for me. From this doc you will learn
>>> that libuser requires either TLS or a ldaps:// URI.
>>
>>I've read through libuser.conf and the specific for ldap server says:
>>"A domain name or an URI of the LDAP server. The URI can use the ldap or the
>>ldaps protocol. When a simple domain name is used, the connection fails if
>>TLS can not be used; an URI using the ldap protocol allows connection
>>without TLS. Default value is ldap."
>>
>>My libuser.conf reads:
>>server ldap://snoopy.domain.com/
>>
>>According to the man pages, this should allow for the connection without
>>TLS.
>
> Which man pages?
>
> As I read it, the libuser.conf file specifically says that it
> requires TLS which can connect to the ldap: URL, then requests a
> secure connection. It sounds pretty sane to me that it requires
> a secure LDAP connection to handle user maintenance.
libuser.conf man page says that "a URI using the ldap protocol allows
connection without TLS". I specified my server to be:
server = ldap://snoopy.domain.com./
but still seems to fail on TLS.
So, just to be on the safe side, I generated a self-signed certificate for
the OpenLDAP server (am using the default one that is installed in
/etc/pki/tls/certs/). I restarted the openldap server, and tested it using
Apache Directory Studio with TLS enabled. Works fine.
I then tried my luseradd command, but it still fails with the same errors
negotiating the TLS certificate. I even tried modifying the /etc/ldap.conf
file:
tls_checkpeer no
tls_reqcert never
but it still seems to fail with the same TLS error.
Any suggestions / ideas?
Thanks!
Eric
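
Added example, not part of the original post and not libuser's own code: a small auditor that reads the [ldap] server value from libuser.conf-style text and classifies it by the rule in the man page excerpt quoted in the thread. The function names, the policy labels and the "key = value" parsing are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the setting quoted in the thread.
SAMPLE = """\
[ldap]
server = ldap://snoopy.domain.com./
"""

def ldap_server(conf_text):
    """Return the 'server' value from the [ldap] section, else the default."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "ldap" and "=" in line:
            # Assumption: settings are written "key = value"; a line
            # without "=" is ignored by this sketch.
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "server":
                return value
    # Quoted man page text: "Default value is ldap" (a bare name).
    return "ldap"

def tls_policy(server):
    """Classify a server value per the quoted man page rule."""
    scheme = urlsplit(server).scheme if "://" in server else ""
    if scheme == "ldaps":
        return "tls-implicit"       # ldaps protocol
    if scheme == "ldap":
        return "tls-optional"       # connection without TLS is allowed
    if scheme:
        return "unsupported-scheme"
    return "tls-required"           # bare name: fails if TLS cannot be used

def audit(conf_text):
    """Return (server value, policy label) for the given configuration text."""
    server = ldap_server(conf_text)
    return server, tls_policy(server)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "tls-required" for a file that appears to set an ldap:// URI means the setting was not picked up by this parser and the bare-name default applied, which is worth ruling out before debugging certificates.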