What version of OpenSSL is required for OpenLDAP 2.4.35

2013-06-14 Thread Ashwin Kumar
I am compiling OpenLDAP 2.4.35 with OpenSSL 1.0.0a. The compilation and building the library works fine. However, when I am using the OpenLDAP client ldapsearch the tool fails with these errors: [root@xMachine openldap-2.4.35]# ./ldaplib/bin/ldapsearch -H ldaps:// 192.168.1.51:10636 -d 5

Re: password policy error: Password policy only allows one password value

2013-06-14 Thread Joke de Buhr
Hi, I think I found the reason why changing the password didn't work and I think it's a bug. If the password policy overlay is used slapd needs to be restarted every time the olcPasswordHash parameter changes. For example change the olcPasswordHash from {SHA} to {SSHA}. Changing the password

Re: What version of OpenSSL is required for OpenLDAP 2.4.35

2013-06-14 Thread Quanah Gibson-Mount
--On Friday, June 14, 2013 5:22 PM +0530 Ashwin Kumar ashwinkumar...@gmail.com wrote: I am compiling OpenLDAP 2.4.35 with OpenSSL 1.0.0a. The compilation and building the library works fine.  However, when I am using the OpenLDAP client ldapsearch the tool fails with these errors:

Re: translucent overlay and orphaned local entry when remote entry moves

2013-06-14 Thread Howard Chu
Steve Eckmann wrote: Is there a standard way to recover a local entry when its proxied entry is moved, that is, when a remote DN changes? It looks like the local entry and its attribute values become inaccessible via ldapsearch. I found the orphaned entry in the output of slapcat, but the man

LDAP and TLS

2013-06-14 Thread Rodney Simioni
Hi, In order for LDAP to work with TLS, do the certificate names need to match the server name? My admin gave me a certificate but it's called wildcard.com.cert, the name of my server is not 'wildcard'.

Re: LDAP and TLS

2013-06-14 Thread Michael Starling
Yes On Jun 14, 2013, at 3:06 PM, Rodney Simioni rodney.simi...@verio.net wrote: Hi, In order for LDAP to work with TLS, do the certificate names need to match the server name? My admin gave me a certificate but it's called wildcard.com.cert, the name of my server is not

Re: LDAP and TLS

2013-06-14 Thread Dan White
On 06/14/13 14:42 -0400, Rodney Simioni wrote: Hi, In order for LDAP to work with TLS, do the certificate names need to match the server name? My admin gave me a certificate but it's called wildcard.com.cert, the name of my server is not 'wildcard'. Analyze the contents of the cert and

RE: LDAP and TLS

2013-06-14 Thread Rodney Simioni
I did a 'openssl x509 -in wildcard.securesites.com.cert -text -noout' I got 'CN=*.securesites.com' My /etc/openldap/cacerts looks like: TLS_CACERTDIR /etc/openldap/cacerts TLS_CACERT /etc/openldap/cacerts/wildcard.securesites.com.cert URI ldap://fl1-lsh99apa007.securesites.com/ BASE

Re: LDAP and TLS

2013-06-14 Thread Dan White
On 06/14/13 15:56 -0400, Rodney Simioni wrote: I did a 'openssl x509 -in wildcard.securesites.com.cert -text -noout' I got 'CN=*.securesites.com' My /etc/openldap/cacerts looks like: TLS_CACERTDIR /etc/openldap/cacerts TLS_CACERT /etc/openldap/cacerts/wildcard.securesites.com.cert URI

RE: translucent overlay and orphaned local entry when remote entry moves

2013-06-14 Thread Steve Eckmann
Thanks, Howard. That was going to be my next question. Regards, Steve -Original Message- From: Howard Chu [mailto:h...@symas.com] Sent: Friday, June 14, 2013 11:14 AM To: Steve Eckmann; openldap-technical@openldap.org Subject: Re: translucent overlay and orphaned local entry when remote

RE: LDAP and TLS

2013-06-14 Thread Rodney Simioni
So you are saying remove those TLS lines from /etc/openldap/ldap.conf and put them in the ldif file as: olcTLSCACertificateFile: /etc/openldap/cacerts/wildcard.securesites.com.cert olcTLSCertificateFile: /etc/openldap/cacerts/wildcard.securesites.com.csr olcTLSCertificateKeyFile:

Re: LDAP and TLS

2013-06-14 Thread Dan White
On 06/14/13 16:28 -0400, Rodney Simioni wrote: So you are saying remove those TLS lines from /etc/openldap/ldap.conf and put them in the ldif file as: olcTLSCACertificateFile: /etc/openldap/cacerts/wildcard.securesites.com.cert olcTLSCertificateFile: