"Bill Campbell" centos@celestial.com wrote in message news:20090818153023.GA23290@ayn.mi.celestial.com...
Any ideas where I might be able to find some help for it? I enabled full logging on my OpenLDAP server, and I see it failing with TLS negotiation for some reason, even when I don't want it to use TLS.
'man libuser.conf' worked well for me. from this doc you will learn that libuser requires either TLS or a ldaps:// URI.
I've read through libuser.conf and the specific for ldap server says: "A domain name or an URI of the LDAP server. The URI can use the ldap or the ldaps protocol. When a simple domain name is used, the connection fails if TLS can not be used; an URI using the ldap protocol allows connection without TLS. Default value is ldap."
My libuser.conf reads: server ldap://snoopy.domain.com/
According to the man pages, this should allow for the connection without TLS.
Which man pages?
As I read it, the libuser.conf file specifically says that it requires TLS which can connect to the ldap: URL, then requests a secure connection. It sounds pretty sane to me that it requires a secure LDAP connection to handle user maintenance.
libuser.conf man page says that "a URI using the ldap protocol allows connection without TLS". I specified my server to be: server = ldap://snoopy.domain.com./
but still seems to fail on TLS.
So, just to be on the safe side, I generated a self-signed certificate for the OpenLDAP server (am using the default one that is installed in /etc/pki/tls/certs/). I restarted the openldap server, and tested it using Apache Directory Studio with TLS enabled. Works fine.
I then tried my luseradd command, but it still fails with the same errors negotiating the TLS certificate. I even tried modifying the /etc/ldap.conf file:
tls_checkpeer no
tls_reqcert never
but it still seems to fail with the same TLS error.
Any suggestions / ideas?
Thanks!
Eric
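The thread turns on how libuser reads the `server` value in the `[ldap]` section of libuser.conf: per the man page text quoted above, a bare domain name means the connection fails unless TLS (StartTLS) can be negotiated, an ldap:// URI allows a connection without TLS, and an ldaps:// URI is TLS from the start. The following is an added example, not code from the thread, from libuser or from OpenLDAP; it only encodes that quoted rule so you can see which policy a given libuser.conf would be asking for. Function names, the sample config text and the hostname are constructed for the demonstration, and the trailing-dot handling is this example's own choice (a trailing dot just marks the name as fully qualified).

```python
"""Interpret the 'server' setting of a libuser.conf [ldap] section.

Added example, not libuser's own code. It encodes the rule quoted from
'man libuser.conf' in the thread: a bare domain name requires TLS, an
ldap:// URI allows a connection without TLS, and an ldaps:// URI means
TLS is implicit. 'classify_server' and 'tls_policy_from_conf' are names
invented for this example.
"""
import configparser
from urllib.parse import urlsplit

# Constructed sample config, not copied from any real host.
SAMPLE_CONF = """
[ldap]
server = ldap://snoopy.example.com./
basedn = dc=example,dc=com
"""


def classify_server(value):
    """Return (scheme, host, tls_policy) for a libuser 'server' value.

    tls_policy is one of:
      'required' - bare domain name: connection fails unless TLS works
      'optional' - ldap:// URI: a connection without TLS is allowed
      'implicit' - ldaps:// URI: TLS from the first byte
    """
    value = value.strip()
    if "://" not in value:
        # Bare domain name, the form the man page says needs TLS.
        return ("ldap", value.rstrip("."), "required")
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    # urlsplit lowercases the host; strip a trailing dot (absolute name).
    host = (parts.hostname or "").rstrip(".")
    if scheme == "ldaps":
        return (scheme, host, "implicit")
    if scheme == "ldap":
        return (scheme, host, "optional")
    raise ValueError(f"unsupported LDAP URI scheme: {scheme!r}")


def tls_policy_from_conf(text):
    """Parse libuser.conf text and classify its [ldap] server setting.

    The man page states the default value is 'ldap', i.e. a bare name,
    so a missing key falls back to the 'required' policy.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    server = cp.get("ldap", "server", fallback="ldap")
    return classify_server(server)


if __name__ == "__main__":
    scheme, host, policy = tls_policy_from_conf(SAMPLE_CONF)
    print(f"scheme={scheme} host={host} tls={policy}")
```

If the classification says `optional` and libuser still attempts TLS, the thing to compare is what the running binary actually parses, not the man page: run `luseradd` with the full slapd logging Eric mentions and confirm the connection is even reaching the host named in this setting, since the /etc/ldap.conf `tls_*` options belong to a different config file than the one libuser reads its `server` value from.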