LDAP SSL Problems (was: service script (/etc/init.d/ldap))
Nigel Wade
nmw at ion.le.ac.uk
Wed Nov 16 09:52:10 UTC 2005
Daniel B. Thurman wrote:
>>From: fedora-list-bounces at redhat.com
>>[mailto:fedora-list-bounces at redhat.com]On Behalf Of Craig White
>>Sent: Monday, November 14, 2005 5:10 PM
>>To: For users of Fedora Core releases
>>Subject: RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
>>
>>
>>On Mon, 2005-11-14 at 16:42 -0800, Daniel B. Thurman wrote:
>>
>>
>>>See: if LANG=C klist -k "$KRB5_KTNAME" | tail -n 4 | awk
>>
>>'{print $2}' |
>>
>>>===============^^^^^
>>>s/b ===========$klist
>>
>>----
>>your previous email referenced the missing '$' on the word kinit not
>>klist which was significant since kinit doesn't exist in the file but
>>klist clearly does in a number of places. I understand how you
>>transposed it though - going buggy after typing it a number of times it
>>probably just flowed naturally through your fingers.
>>
>>Craig
>>
>>
>
>
> Yea... sorry... I was trying to solve my problem with ldap
> and it was getting a bit frustrating - so I lost it somewhere
> when my fingers starting running away from me :-)
>
> Your certificate creation method did not work. I saw that I
> had to change the openssl.cnf path and I did get the two
> files: ldap.csr and ldap.key but missing is ca.certs and
> ca.key.
>
> Dan
>
I've just been setting up an LDAP server today (not using Kerberos, but that
might come at some point). I created a CA certificate and server certificate
using the instructions here:
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
More information about the fedora-list
mailing list