[CentOS] LDAP and expired passwords
Steve Thompson
smt at vgersoft.com
Sat Nov 1 13:30:41 UTC 2008
On Fri, 31 Oct 2008, Filipe Brandenburger wrote:
Hi Filipe; many thanks for your reply.
> # grep ^updateref /etc/openldap/slapd.conf
updateref ldaps://ldap1.cbe.cornell.edu
> # openssl x509 -text -in $(grep -i ^tlscertificatefile
> /etc/openldap/slapd.conf | awk '{print$2}') | grep Subject:
master (line continuations added):
Subject: C=US, ST=New York, O=Cornell School of Chemical and \
Biomolecular Engineering/emailAddress=certs at cbe.cornell.edu, \
CN=ldap1.cbe.cornell.edu
slave:
Subject: C=US, ST=New York, O=Cornell School of Chemical and \
Biomolecular Engineering/emailAddress=certs at cbe.cornell.edu, \
CN=asimov.cbe.cornell.edu
> What is the issuer of each certificate?
Same on master and all slaves:
Issuer: O=Cornell School of Chemical and Biomolecular Engineering,
L=Ithaca, ST=New York, C=US,
CN=cbe.cornell.edu/emailAddress=certs at cbe.cornell.edu
> Could you also send the /etc/ldap.conf of the client where you are
> trying to change the password?
host asimov.cbe.cornell.edu
referrals yes
base dc=cbe,dc=cornell,dc=edu
ldap_version 3
binddn cn=kelvin.cbe.cornell.edu,ou=Binddn,dc=cbe,dc=cornell,dc=edu
bindpw XXXXXXXXX
timelimit 120
bind_timelimit 5
bind_policy soft
idle_timelimit 3600
pam_password exop
nss_base_passwd ou=People,dc=cbe,dc=cornell,dc=edu?one
nss_base_shadow ou=People,dc=cbe,dc=cornell,dc=edu?one
nss_base_group ou=Group,dc=cbe,dc=cornell,dc=edu?one
nss_base_hosts ou=Hosts,dc=cbe,dc=cornell,dc=edu?one
nss_base_services ou=Services,dc=cbe,dc=cornell,dc=edu?one
nss_base_networks ou=Networks,dc=cbe,dc=cornell,dc=edu?one
nss_base_protocols ou=Protocols,dc=cbe,dc=cornell,dc=edu?one
nss_base_rpc ou=Rpc,dc=cbe,dc=cornell,dc=edu?one
nss_base_ethers ou=Ethers,dc=cbe,dc=cornell,dc=edu?one
nss_base_netmasks ou=Networks,dc=cbe,dc=cornell,dc=edu?ne
nss_base_bootparams ou=Ethers,dc=cbe,dc=cornell,dc=edu?one
nss_base_aliases ou=Aliases,dc=cbe,dc=cornell,dc=edu?one
nss_base_netgroup ou=Netgroup,dc=cbe,dc=cornell,dc=edu?one
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
tls_ciphers TLSv1
-Steve