NetBSD-Users archive
Re: Using LDAP for auth against LINUX
Uwe Lienig wrote:
> Johnny Billquist wrote:
>>> Watch the logs on the ldap server when you use getent to see if it is
>>> actually performing the search, or even trying to connect.
> Ok, got some new bits with this issue.
> In the log of the LDAP server there are some messages that prove PAM is using
> LDAP and tries to use TLS
>
> -------- snip ----------
> Jan 6 17:36:58 srv slapd[4614]: conn=10832 fd=40 ACCEPT from \
> IP=ip.addr.of.host:62361 (IP=0.0.0.0:389)
> Jan 6 17:36:58 srv slapd[4614]: conn=10832 op=0 STARTTLS
> Jan 6 17:36:58 srv slapd[4614]: conn=10832 op=0 RESULT oid= err=0 text=
> Jan 6 17:36:58 srv slapd[4614]: conn=10832 fd=40 closed \
> (TLS negotiation failure)
> -------- snip ----------
>
> What puzzles me is that when using ldapsearch no STARTTLS message is logged
>
> When I use a simple search
>
> $ > ldapsearch 'uid=tst'
>
> I get the correct answer. In the LDAP server log I can see
I'd suggest adding '-ZZ' to the ldapsearch parameters to force it to
use TLS... I'm guessing it will fail because it doesn't like the remote
cert.
Try adding "TLS_REQCERT never" to your ldap.conf (or other config file)
and see if that helps. I've not used LDAP with PAM etc., but I do
use that with other mechanisms.
HTH,
Mike.
--
"You don't see FreeBSD developers sitting in a smoke-filled room
plotting the overthrow of Microsoft. We sit in light, airy rooms and
plot where to get the best drinks." - Michael Lucas
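The reply above uses "TLS_REQCERT never" as a diagnostic to confirm that the failure is the client rejecting the server certificate. Two helpers for the follow-up work, added here as an example and not taken from the thread or from OpenLDAP itself: an awk filter that pulls, from slapd log output like the snippet quoted above, every connection whose STARTTLS was followed by a "TLS negotiation failure" close, and an audit of a client ldap.conf that flags the verification-disabling setting so it is not left in place once the certificate problem is fixed. The log lines, IP addresses, file paths and config contents are constructed for the example; TLS_REQCERT, TLS_CACERT and TLS_CACERTDIR are the real ldap.conf keywords.

```shell
#!/bin/sh
# Added example (not from the original thread or from OpenLDAP).
#   ldap_tls_failures       : list conn IDs whose STARTTLS ended in a TLS
#                             negotiation failure (slapd log text on stdin)
#   ldap_tls_failure_count  : count of the above
#   ldap_conf_audit FILE    : 0 = cert verification configured,
#                             1 = "TLS_REQCERT never" disables it,
#                             2 = no TLS_CACERT/TLS_CACERTDIR configured
# All sample data below is constructed for the example.

# Constructed slapd log lines modelled on the ones quoted in the thread.
SAMPLE_LOG='Jan 6 17:36:58 srv slapd[4614]: conn=10832 fd=40 ACCEPT from IP=192.0.2.10:62361 (IP=0.0.0.0:389)
Jan 6 17:36:58 srv slapd[4614]: conn=10832 op=0 STARTTLS
Jan 6 17:36:58 srv slapd[4614]: conn=10832 op=0 RESULT oid= err=0 text=
Jan 6 17:36:58 srv slapd[4614]: conn=10832 fd=40 closed (TLS negotiation failure)
Jan 6 17:37:02 srv slapd[4614]: conn=10833 fd=41 ACCEPT from IP=192.0.2.11:40012 (IP=0.0.0.0:389)
Jan 6 17:37:02 srv slapd[4614]: conn=10833 op=0 STARTTLS
Jan 6 17:37:02 srv slapd[4614]: conn=10833 op=0 RESULT oid= err=0 text=
Jan 6 17:37:02 srv slapd[4614]: conn=10833 op=1 SRCH base="dc=example,dc=org" scope=2 filter="(uid=tst)"
Jan 6 17:37:02 srv slapd[4614]: conn=10833 fd=41 closed
Jan 6 17:37:05 srv slapd[4614]: conn=10834 fd=42 ACCEPT from IP=192.0.2.10:62362 (IP=0.0.0.0:389)
Jan 6 17:37:05 srv slapd[4614]: conn=10834 op=0 STARTTLS
Jan 6 17:37:05 srv slapd[4614]: conn=10834 fd=42 closed (TLS negotiation failure)'

# Print "conn=<id> IP=<client>" for each connection that sent STARTTLS and
# was then closed with a TLS negotiation failure. Reads log text on stdin.
ldap_tls_failures() {
    awk '
        / ACCEPT from IP=/ {
            # remember the client address for this conn id
            for (i = 1; i <= NF; i++) if ($i ~ /^conn=/) c = $i
            for (i = 1; i <= NF; i++) if ($i ~ /^IP=/) { ip[c] = $i; break }
        }
        / STARTTLS$/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^conn=/) tls[$i] = 1
        }
        /closed \(TLS negotiation failure\)/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^conn=/) c = $i
            if (c in tls) print c, ip[c]
        }
    '
}

# Number of such failures; a client repeating this is usually misconfigured
# (unknown CA, hostname mismatch) rather than hostile, but it is the line
# to watch after a certificate change on the server.
ldap_tls_failure_count() {
    ldap_tls_failures | wc -l | tr -d ' '
}

# Audit the client ldap.conf passed as $1 (see return codes above).
ldap_conf_audit() {
    conf="$1"
    if grep -Eiq '^[[:space:]]*TLS_REQCERT[[:space:]]+never' "$conf"; then
        echo "WARN: $conf sets TLS_REQCERT never; the server certificate is not verified"
        return 1
    fi
    if ! grep -Eiq '^[[:space:]]*TLS_CACERT(DIR)?[[:space:]]+' "$conf"; then
        echo "WARN: $conf has no TLS_CACERT/TLS_CACERTDIR; verification cannot succeed"
        return 2
    fi
    echo "OK: $conf verifies the server certificate against a configured CA"
    return 0
}

# Demo: the diagnostic (weak) config beside the corrected one, both constructed.
WEAK=$(mktemp); GOOD=$(mktemp)
printf 'URI ldap://srv.example.org\nBASE dc=example,dc=org\nTLS_REQCERT never\n' > "$WEAK"
printf 'URI ldap://srv.example.org\nBASE dc=example,dc=org\nTLS_CACERT /etc/openldap/cacert.pem\nTLS_REQCERT demand\n' > "$GOOD"

printf '%s\n' "$SAMPLE_LOG" | ldap_tls_failures
printf 'failures: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | ldap_tls_failure_count)"
ldap_conf_audit "$WEAK"; ldap_conf_audit "$GOOD"
rm -f "$WEAK" "$GOOD"
```

The awk filter keys on the conn= token rather than on the text "TLS negotiation failure" alone, so a connection that negotiated TLS and then closed normally (conn=10833 in the sample) is not reported. Once `ldapsearch -ZZ` succeeds with a proper TLS_CACERT entry, the audit should report OK for the file that PAM and nss_ldap actually read, which is the point of checking the file rather than assuming the diagnostic line was removed.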