[CentOS] LDAP authentication on a remote server (via ldaps://)

Thu Oct 7 02:33:38 UTC 2010
Craig White <craigwhite at azapple.com>

On Wed, 2010-10-06 at 09:49 -0400, Scott Robbins wrote:
> On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
> > > Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
> > > file's entry for SLAPD_LDAPS and restart the ldap service on the server?
> > 
> > This setting was indeed set to no.
> > 
> > I changed the setting to yes and restarted the service, but it did
> > not change anything.
> 
> About the only other thing I can think of is an issue I ran into on
> later versions of Fedora.  Now, /etc/openldap/ldap.conf needs
> TLS_REQCERT allow, but I think that's a Fedora thing.  (On the other
> hand, we're only using CentOS as a server, not a client.)
----
TLS_REQCERT allow is not a Fedora thing but rather typically necessary
when you use a self-signed cert because there is no chain to a
recognized CA. Thus any client whether Fedora, Ubuntu or CentOS might
very well need that configuration.

Craig
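
An added example, not part of the original message: a small check that reads an ldap.conf and reports whether the client would accept a server certificate that fails validation, run against the `TLS_REQCERT allow` setting discussed above and against an alternative that names the self-signed certificate in `TLS_CACERT` so it can be verified. The sample configs are constructed, the host name and certificate path are placeholders, and "a later line overrides an earlier one" is an assumption of this script.

```shell
#!/bin/sh
# Added example (not from the thread). Sample configs below are constructed;
# host name and certificate path are placeholders.

# Print the effective value of one ldap.conf option. Keywords are
# case-insensitive; assumption: a later line overrides an earlier one.
ldap_opt() {  # usage: ldap_opt FILE OPTION DEFAULT
    awk -v want="$2" -v val="$3" '
        /^[ \t]*#/ || NF < 2 { next }
        toupper($1) == want  { val = $2 }
        END                  { print val }' "$1"
}

# Classify how the client treats a server certificate it cannot validate.
audit_ldap_conf() {  # usage: audit_ldap_conf FILE
    reqcert=$(ldap_opt "$1" TLS_REQCERT demand | tr 'A-Z' 'a-z')
    ca=$(ldap_opt "$1" TLS_CACERT "")
    [ -n "$ca" ] || ca=$(ldap_opt "$1" TLS_CACERTDIR "")
    case "$reqcert" in
        never|allow) echo "weak: TLS_REQCERT $reqcert, bad certificates are accepted" ;;
        *) if [ -n "$ca" ]; then
               echo "verified: TLS_REQCERT $reqcert against $ca"
           else
               echo "strict: TLS_REQCERT $reqcert, no CA configured in this file"
           fi ;;
    esac
}

# Write the two constructed client configs into directory $1.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# Setting from the thread: connect even if the certificate fails validation
URI ldaps://ldap.example.com
TLS_REQCERT allow
EOF
    cat > "$1/pinned.conf" <<'EOF'
# Alternative: trust the server's self-signed certificate explicitly
URI ldaps://ldap.example.com
TLS_CACERT /etc/openldap/cacerts/ldap-server.pem
tls_reqcert demand
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_ldap_conf "$tmp/weak.conf"
audit_ldap_conf "$tmp/pinned.conf"
rm -rf "$tmp"
```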


