[CentOS] LDAP authentication on a remote server (via ldaps://)
mbaudier at argeo.org
Wed Oct 6 08:24:44 UTC 2010
I have a central repository of users/groups based on OpenLDAP which is
working on a remote LAN (servers share user credentials and mount
their home directories via NFS). They use non-encrypted ldap
restricted to the local network.
Now, I have a few servers in our local office and I would like them to
authenticate from the remote LDAP server using encryption via
(at this stage, without using a client-side certificate)
I have run a similar command to the one I ran on the remote servers, replacing
ldap://localldapserver with ldaps://ldap.mycompany.com:
authconfig --enableldap --enableldapauth --enablecache
--enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256
and I put the CA certificate at the right place
(either by pointing TLS_CACERT explicitly to it, or by downloading it to
/etc/openldap/cacerts via system-configuration-authentication).
In all my various tests,
returns the content of the remote LDAP, so I guess that at least
openldap clients are properly configured.
But when I try:
the command hangs.
Same when I try to:
su - myuser
(I also tried configuring with the system-configuration-authentication
UI from a box with GNOME, and also tried authconfig without
So is there anything specific to authenticating over ldaps: that I should have done?
(As I said, this approach systematically works with plain ldap on this
same LDAP server.)
Thanks in advance for your help!
Note: all systems involved are running up to date CentOS 5.5
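The post configures two separate LDAP client files: /etc/openldap/ldap.conf (read by the OpenLDAP command-line tools, keys URI/BASE/TLS_CACERT/TLS_REQCERT) and /etc/ldap.conf (read by nss_ldap and pam_ldap, keys uri/base/ssl/tls_cacertfile/tls_cacertdir/tls_checkpeer), which is why ldapsearch can work while su hangs. The following consistency checker is an added example written for this page, not code from the poster or the CentOS project. It parses both files, reports an ldaps:// URI combined with "ssl start_tls" (STARTTLS is negotiated on a plain ldap:// connection, whereas ldaps:// wraps the whole session in TLS, so the two do not belong together), and flags CA-trust settings that would silently weaken server verification. The file contents below are constructed samples; the file paths and key names are the real ones, and the check_ldap_client() helper is this example's own.

```python
"""Consistency check across /etc/openldap/ldap.conf and /etc/ldap.conf.

Added example for this page; not the poster's or the project's code.
Key names match the real files; sample contents are constructed.
"""
import os


def parse_conf(text):
    """Parse 'KEY value' lines. Both files treat keys case-insensitively,
    so keys are normalised to lower case; '#' lines and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ''
    return conf


def check_ldap_client(openldap_conf, nss_conf, path_exists=os.path.exists):
    """Return a list of findings; an empty list means the two files agree
    and TLS is configured with server-certificate verification intact."""
    o = parse_conf(openldap_conf)   # /etc/openldap/ldap.conf
    n = parse_conf(nss_conf)        # /etc/ldap.conf (nss_ldap / pam_ldap)
    findings = []

    o_uri, n_uri = o.get('uri', ''), n.get('uri', '')
    if o_uri != n_uri:
        findings.append('uri differs: openldap=%r nss_ldap=%r' % (o_uri, n_uri))

    # nss_ldap's 'ssl' directive: off, on (implicit TLS, ldaps://) or start_tls.
    ssl_mode = n.get('ssl', 'off').lower()
    if n_uri.startswith('ldaps://') and ssl_mode == 'start_tls':
        findings.append("nss_ldap: 'ssl start_tls' with an ldaps:// URI mixes STARTTLS and implicit TLS")
    if n_uri.startswith('ldap://') and ssl_mode == 'off':
        findings.append('nss_ldap: no TLS at all (ssl off with ldap:// URI)')

    # Encryption without a trusted CA, or with peer checking disabled, still
    # lets anyone who can intercept the connection impersonate the server.
    tls_in_use = n_uri.startswith('ldaps://') or ssl_mode != 'off'
    if tls_in_use:
        o_ca = o.get('tls_cacert') or o.get('tls_cacertdir')
        if not o_ca:
            findings.append('openldap: neither TLS_CACERT nor TLS_CACERTDIR set')
        elif not path_exists(o_ca):
            findings.append('openldap: %s does not exist' % o_ca)
        n_ca = n.get('tls_cacertfile') or n.get('tls_cacertdir')
        if not n_ca:
            findings.append('nss_ldap: neither tls_cacertfile nor tls_cacertdir set')
        elif not path_exists(n_ca):
            findings.append('nss_ldap: %s does not exist' % n_ca)
        if o.get('tls_reqcert', 'demand').lower() in ('never', 'allow'):
            findings.append('openldap: TLS_REQCERT %s disables server certificate verification' % o['tls_reqcert'])
        if n.get('tls_checkpeer', 'yes').lower() == 'no':
            findings.append('nss_ldap: tls_checkpeer no disables server certificate verification')
    return findings


# Constructed sample files (the CA path is hypothetical).
OPENLDAP_CONF = """
# /etc/openldap/ldap.conf
URI ldaps://ldap.mycompany.com
BASE dc=mycompany,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
TLS_REQCERT demand
"""

NSS_CONF_BAD = """
# /etc/ldap.conf: ldaps:// URI but STARTTLS requested
uri ldaps://ldap.mycompany.com
base dc=mycompany,dc=com
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
"""

NSS_CONF_GOOD = NSS_CONF_BAD.replace('ssl start_tls', 'ssl on')

if __name__ == '__main__':
    # Stand-alone run uses a fake path check so it works without the CA file.
    fake_exists = lambda p: p.startswith('/etc/openldap/cacerts')
    for name, conf in (('bad', NSS_CONF_BAD), ('good', NSS_CONF_GOOD)):
        print(name, check_ldap_client(OPENLDAP_CONF, conf, path_exists=fake_exists))
```

On a real host, call check_ldap_client() with the contents of the two files and the default os.path.exists; the point of passing path_exists as a parameter is only so the constructed samples run anywhere.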