On Fri, 31 Oct 2008, Scott McClanahan wrote:
On Fri, 2008-10-31 at 16:32 -0400, Steve Thompson wrote:
CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and x86_64.
LDAP password information update failed: Referral
If I comment out "ssl start_tls", the referral to the master is followed and the password change operation succeeds. I've found references to problems with earlier releases of pam_ldap when referrals were not properly followed when using TLS, and these are supposed to be fixed; apparently not in my case. Can anyone hit me with the clue stick?
Does the common name in the certificate or the x509 v3 extensions match the hostname used in the referral in your slapd.conf? Is the certificate issued by the ldap server you are being referred to signed by a trusted CA?
Yes to both.
Steve ---------------------------------------------------------------------------- Steve Thompson E-mail: smt AT vgersoft DOT com Voyager Software LLC Web: http://www DOT vgersoft DOT com 39 Smugglers Path VSW Support: support AT vgersoft DOT com Ithaca, NY 14850 "186,300 miles per second: it's not just a good idea, it's the law" ----------------------------------------------------------------------------