On Fri, 31 Oct 2008, Scott McClanahan wrote:

> On Fri, 2008-10-31 at 16:32 -0400, Steve Thompson wrote:
>> CentOS 5.2 with OpenLDAP 2.3.27, nss_ldap_253.13, using TLS, i686 and
>> x86_64.
>>
>> LDAP password information update failed: Referral
>>
>> If I comment out "ssl start_tls", the referral to the master is followed
>> and the password change operation succeeds. I've found references to
>> problems with earlier releases of pam_ldap when referrals were not
>> properly followed when using TLS, and these are supposed to be fixed;
>> apparently not in my case. Can anyone hit me with the clue stick?
>
> Does the common name in the certificate or the x509 v3 extensions match
> the hostname used in the referral in your slapd.conf? Is the
> certificate issued by the ldap server you are being referred to signed
> by a trusted CA?

Yes to both.

Steve
----------------------------------------------------------------------------
Steve Thompson                 E-mail:      smt AT vgersoft DOT com
Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
39 Smugglers Path              VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
  "186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------