Hi!
I can make LDAP authentication work using LDAPS in CentOS 6. On CentOS 5, I just set tls_checkpeer no in /etc/ldap.conf and it works!
I tried all of /etc/nslcd.conf, /etc/pam_ldap.conf and /etc/openldap/ldap.conf.
It's really confusing on CentOS 6. Why so many files?
CentOS 5: LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://xxxx (works!)
CentOS 6: LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://xxxx (Can't connect to LDAP Server ...)
I've been reading that there is a bug, but I'm not understanding whether there is a workaround for this ...
Any ideas?
I think it's better to check it one by one.
1. Check where it gets stuck: arp/ip/tcp.
There is going to be a layer that is responsible.
2. Check whether LDAPS works fine from CentOS 6 to the server: tcpdump.
3. Decrypt the traffic to see whether the protocol goes well: ssldump.
------------ Banyan He Blog: http://www.rootong.com Email: banyan@rootong.com
On 2012-10-27 4:08 AM, Ezequiel Larrarte wrote:
On 10/26/2012 01:08 PM, Ezequiel Larrarte wrote:
I tried all /etc/nslcd.conf /etc/pam_ldap.conf /etc/openldap/ldap.conf
Don't use nss-pam-ldapd and pam_ldap. Remove the packages entirely and install sssd. You'll still use authconfig to configure LDAP integration, but you'll get a stack that's better maintained and documented. See "man sssd-ldap" for ldap_tls_reqcert. Or, better, install the CA that signed your LDAP cert and refer to that with ldap_tls_cacert or ldap_tls_cacertdir.
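As an added illustration (not from anyone in this thread), here is the sssd.conf contrast the reply above describes: the disable-verification workaround that mirrors the CentOS 5 tls_checkpeer no setting, next to the preferred form that keeps verification on and names the CA that signed the LDAP server's certificate. The hostname, search base, domain name and CA path are placeholders.

```ini
; /etc/sssd/sssd.conf (placeholder values throughout)
; sssd refuses to start unless this file is mode 0600 and owned by root.
[sssd]
config_file_version = 2
services = nss, pam
domains = example

; Variant A: equivalent of "tls_checkpeer no" / LDAPTLS_REQCERT=never.
; The session is encrypted but the server is never authenticated, so
; anyone who can intercept the connection can present any certificate
; and receive the bind credentials. Shown commented out; do not enable.
;[domain/example]
;id_provider = ldap
;auth_provider = ldap
;ldap_uri = ldaps://ldap.example.com
;ldap_search_base = dc=example,dc=com
;ldap_tls_reqcert = never

; Variant B (preferred): require a valid certificate and point sssd at
; the CA that issued it, so the server is authenticated on every bind.
[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/example-ca.pem
```

The same CA file can be used to test from the command line with the OpenLDAP client tools, replacing the original post's LDAPTLS_REQCERT=never with LDAPTLS_CACERT=/etc/openldap/cacerts/example-ca.pem before the ldapsearch command; if that succeeds while "never" is not set, the trust chain is correct and sssd should connect with Variant B.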