[Fedora-directory-users] Setting up a redhat client for ssl
Steven Jones
Steven.Jones at vuw.ac.nz
Mon Sep 17 18:28:35 UTC 2007
Hi,
Please ignore the previous post I will go shoot myself....
I was testing with two clients and had the ca.crt on one but was working
on the other, so it is not surprising it did not work....
Doh.....
So once I scp'd over the file, both rhas4 clients work....
Doh.....
My final /etc/ldap.conf looks like this,
# http://www.padl.com
URI ldap://ldap.vuw.ac.nz
#host 130.195.87.249
base dc=vuw,dc=ac,dc=nz
#ssl no
#ssl on
pam_password md5
#HOST 130.195.87.249
BASE dc=vuw,dc=ac,dc=nz
#tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/ca.crt
TLS_REQCERT allow
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls
The access log shows this while doing a ssh into the (LDAP) client,
[root at vuwunicvfdsm001 logs]# tail -f access
[18/Sep/2007:06:15:14 +1200] conn=2370 op=-1 fd=74 closed - B1
[18/Sep/2007:06:15:18 +1200] conn=2376 fd=71 slot=71 connection from
130.195.87.250 to 130.195.87.249
[18/Sep/2007:06:15:18 +1200] conn=2376 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[18/Sep/2007:06:15:18 +1200] conn=2376 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[18/Sep/2007:06:15:18 +1200] conn=2376 SSL 256-bit AES
8><---------
So this is now all correct?
regards
Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272
More information about the Fedora-directory-users
mailing list