Hi everybody, I have set up my ldap server. But I created a certificate with the following command:

cd /usr/share/ssl/certs; make ldap.pem

Then edit the slapd.conf file and insert the following lines:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem

I restart the service. Then, I run the command authconfig and I select ldap with tls. I review the logs; the ldap server has thrown the following:

Mar 5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP=172.16.12.160:33935 (IP=0.0.0.0:389)
Mar 5 11:54:38 eucalipto slapd[711]: conn=13 op=0 STARTTLS
Mar 5 11:54:38 eucalipto slapd[711]: conn=13 op=0 RESULT oid= err=0 text=
Mar 5 11:54:39 eucalipto slapd[711]: conn=13 fd=14 closed (TLS negotiation failure)

I need your help.
On 3/5/07, Alexander Lopez zepolar@gmail.com wrote:
Hi everybody, I have set up my ldap server. But I created a certificate with the following command:

cd /usr/share/ssl/certs; make ldap.pem

Then edit the slapd.conf file and insert the following lines:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem

I restart the service. Then, I run the command authconfig and I select ldap with tls. I review the logs; the ldap server has thrown the following:

Mar 5 11:54:38 eucalipto slapd[711]: conn=13 fd=14 ACCEPT from IP=172.16.12.160:33935 (IP=0.0.0.0:389)
Mar 5 11:54:38 eucalipto slapd[711]: conn=13 op=0 STARTTLS
Mar 5 11:54:38 eucalipto slapd[711]: conn=13 op=0 RESULT oid= err=0 text=
Mar 5 11:54:39 eucalipto slapd[711]: conn=13 fd=14 closed (TLS negotiation failure)

I need your help.
Add the following to /etc/openldap/ldap.conf:

TLS_REQCERT allow
Where do I insert the line? I run authconfig in the ldap client. Besides, I inserted the line in the client and it doesn't work. In the log, the ldap server throws the same error.
On 3/6/07, Alexander Lopez zepolar@gmail.com wrote:
Where do I insert the line? I run authconfig in the ldap client. Besides, I inserted the line in the client and it doesn't work. In the log, the ldap server throws the same error.
You'll probably need to put that line in the config for both the clients and the servers, as you're using self-signed certificates, and the ldap version in CentOS 4 is MUCH more picky about that than in CentOS 3.
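The server log in the thread shows the STARTTLS operation itself succeeding (RESULT err=0) and the connection then closing with "TLS negotiation failure", which is the pattern seen when the client aborts the handshake because it cannot verify a self-signed server certificate it has never been told to trust. The suggested TLS_REQCERT allow makes the client stop verifying rather than making the certificate verifiable. The following POSIX sh script is an added example, not code from the thread or from the OpenLDAP project: it lints slapd.conf and ldap.conf fragments for the settings discussed above (SSLv2 left in the cipher string, a self-signed certificate used as its own CA, TLS_REQCERT never/allow, and a client with no trust anchor) and runs over constructed samples, one pair reproducing the thread's setup and the workaround, one pair keeping verification on. The sample configs and all file paths under /etc/openldap/certs and /etc/openldap/cacerts are constructed for this example.

```shell
#!/bin/sh
# Added example (not code from the thread or from OpenLDAP): a small lint for
# the TLS directives discussed above. Reads a slapd.conf or ldap.conf fragment
# and reports settings that disable or weaken certificate verification.
# Sample configs and the paths inside them are constructed for this example.

# Print the value of a whitespace-separated directive, or nothing if absent.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Server side (slapd.conf): one line per finding, return value = finding count.
lint_slapd_conf() {
    f="$1"; n=0
    suite=$(conf_value "$f" TLSCipherSuite)
    case "$suite" in
        *'!SSLv2'*) ;;                          # SSLv2 explicitly excluded
        *SSLv2*)                                # e.g. the thread's HIGH:MEDIUM:+SSLv2
            echo "$f: TLSCipherSuite '$suite' does not exclude SSLv2 (add !SSLv2)"
            n=$((n + 1)) ;;
    esac
    ca=$(conf_value "$f" TLSCACertificateFile)
    crt=$(conf_value "$f" TLSCertificateFile)
    if [ -n "$ca" ] && [ "$ca" = "$crt" ]; then
        echo "$f: CA file equals server certificate (self-signed); clients can only verify it if TLS_CACERT points at a copy of that file"
        n=$((n + 1))
    fi
    return "$n"
}

# Client side (ldap.conf): one line per finding, return value = finding count.
lint_ldap_conf() {
    f="$1"; n=0
    req=$(conf_value "$f" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "$req" in
        never|allow)
            echo "$f: TLS_REQCERT $req accepts an unverified server certificate; use demand"
            n=$((n + 1)) ;;
    esac
    if [ -z "$(conf_value "$f" TLS_CACERT)" ] && [ -z "$(conf_value "$f" TLS_CACERTDIR)" ]; then
        echo "$f: no TLS_CACERT or TLS_CACERTDIR, so a self-signed server certificate cannot be verified"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed samples: the thread's server config and the suggested client
# workaround, then a server/client pair that keeps verification on.
write_samples() {
    SAMPLE_DIR=$(mktemp -d)
    SLAPD_THREAD="$SAMPLE_DIR/slapd-thread.conf"
    LDAP_ALLOW="$SAMPLE_DIR/ldap-allow.conf"
    SLAPD_FIXED="$SAMPLE_DIR/slapd-fixed.conf"
    LDAP_FIXED="$SAMPLE_DIR/ldap-fixed.conf"
    cat > "$SLAPD_THREAD" <<'EOF'
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateFile /usr/share/ssl/certs/ldap.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem
EOF
    cat > "$LDAP_ALLOW" <<'EOF'
TLS_REQCERT allow
EOF
    # Hypothetical paths: server cert issued by a private CA whose certificate
    # is copied to the client and named in TLS_CACERT.
    cat > "$SLAPD_FIXED" <<'EOF'
TLSCipherSuite HIGH:MEDIUM:!SSLv2:!aNULL
TLSCACertificateFile /etc/openldap/cacerts/ca.pem
TLSCertificateFile /etc/openldap/certs/ldap.crt
TLSCertificateKeyFile /etc/openldap/certs/ldap.key
EOF
    cat > "$LDAP_FIXED" <<'EOF'
TLS_CACERT /etc/openldap/cacerts/ca.pem
TLS_REQCERT demand
EOF
}

# Run a lint function over a file and print the finding count.
report() {
    count=0
    "$1" "$2" || count=$?
    echo "$2: $count finding(s)"
}

write_samples
report lint_slapd_conf "$SLAPD_THREAD"   # 2 findings
report lint_ldap_conf  "$LDAP_ALLOW"     # 2 findings
report lint_slapd_conf "$SLAPD_FIXED"    # 0 findings
report lint_ldap_conf  "$LDAP_FIXED"     # 0 findings
```

The fix the lint points at is the one that keeps verification: copy the server's certificate (for a self-signed ldap.pem, the certificate is its own CA) to each client and name it in TLS_CACERT, leaving TLS_REQCERT at demand, instead of telling clients to accept anything. Note that authconfig on CentOS 4 writes the nss_ldap/pam_ldap settings to /etc/ldap.conf, which has its own tls_cacertfile and tls_checkpeer options, so a client may need both files adjusted; ldapsearch -ZZ against the server is a quick way to confirm that StartTLS completes with verification on.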