[CentOS] LDAP authentication on a remote server (via ldaps://)

Thu Oct 7 02:33:38 UTC 2010
Craig White <craigwhite at azapple.com>

On Wed, 2010-10-06 at 09:49 -0400, Scott Robbins wrote:
> On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
> > > Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
> > > file's entry for SLAPD_LDAPS and restart the ldap service on the server?
> > 
> > This setting was indeed set to no.
> > 
> > I changed the setting to yes and restarted the service, but it did
> > not change anything.
>
> About the only other thing I can think of is an issue I ran into on
> later versions of Fedora.  Now, /etc/openldap/ldap.conf needs
> TLS_REQCERT allow, but I think that's a Fedora thing.  (On the other
> hand, we're only using CentOS as a server, not a client.)

TLS_REQCERT allow is not a Fedora thing but rather typically necessary
when you use a self-signed cert because there is no chain to a
recognized CA. Thus any client whether Fedora, Ubuntu or CentOS might
very well need that configuration.
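
An added example, not part of the original message: the client-side `ldap.conf` option discussed above, next to an alternative that names the self-signed certificate as the trust anchor so that verification stays on. The certificate path and the host name are assumptions, not values from the thread.

```conf
# /etc/openldap/ldap.conf on the client (constructed example)

# Option discussed in the thread: the server certificate is requested,
# but a certificate that fails verification is ignored and the session
# proceeds, so the server's identity is not verified.
#TLS_REQCERT allow

# Alternative for a self-signed server certificate: copy that certificate
# to the client over a trusted channel and name it as the trust anchor.
# The path below is a hypothetical location, not one from the thread.
TLS_CACERT  /etc/openldap/cacerts/ldap-server-selfsigned.pem

# demand is the default level: the session is terminated if the server
# presents no certificate or one that does not verify against TLS_CACERT.
TLS_REQCERT demand

# The host name in the URI must match the name in the certificate.
# ldap.example.com is a placeholder.
URI ldaps://ldap.example.com
```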

