Le jeu. 15 déc. 2011 08:51:29 CET, Raffael Sahli a écrit :
OK, it's work, i have a fonctionnal slapd.d/cn=config folder, but i
don't understand why i can't access to openldap with
cn=admin,dc=parisgeo,dc=cnrs,dc=fr and good password generated by
My slapd.conf before conversion contain
On 12/15/2011 09:46 AM, rey sebastien wrote:
Le jeu. 15 déc. 2011 08:51:29 CET, Raffael Sahli a écrit :
OK, it's work, i have a fonctionnal slapd.d/cn=config folder, but i
don't understand why i can't access to openldap with
cn=admin,dc=parisgeo,dc=cnrs,dc=fr and good password generated by
Le 13/12/2011 16:48, Raffael Sahli a écrit :
On 12/13/2011 04:34 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 15:16:08 CET, Raffael Sahli a écrit :
On 12/13/2011 02:59 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 13:00:16 CET, Raffael Sahli a écrit :
On 12/13/2011 12:14 PM, rey sebastien
On 14.12.2011 16:54, rey sebastien wrote:
Le 13/12/2011 16:48, Raffael Sahli a écrit :
On 12/13/2011 04:34 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 15:16:08 CET, Raffael Sahli a écrit :
On 12/13/2011 02:59 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 13:00:16 CET, Raffael Sahli a écrit
Le mer. 14 déc. 2011 19:39:13 CET, Raffael Sahli a écrit :
On 14.12.2011 16:54, rey sebastien wrote:
Le 13/12/2011 16:48, Raffael Sahli a écrit :
On 12/13/2011 04:34 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 15:16:08 CET, Raffael Sahli a écrit :
On 12/13/2011 02:59 PM, rey sebastien
Please trim irrelevant text from your emails. Please update your Subject line
to something relevant to the actual discussion topic.
Raffael Sahli wrote:
On 14.12.2011 16:54, rey sebastien wrote:
Le 13/12/2011 16:48, Raffael Sahli a écrit :
Hi!
It's not easy to start with zero configuration
OK, it's work, i have a fonctionnal slapd.d/cn=config folder, but i
don't understand why i can't access to openldap with
cn=admin,dc=parisgeo,dc=cnrs,dc=fr and good password generated by
My slapd.conf before conversion contain the SSHA password generated by
slappasswd for rootDn :
-
After what, you are right, you and other to point the old debian
package, so i try to recompile the last release with open-ssl. This is
the best solution, i agree.
I try to compile with this option :
./configure --with-tls=openssl --with-threads --with-cyrus-sasl
--enable-crypt --enable-debug
On 12/13/2011 10:12 AM, rey sebastien wrote:
After what, you are right, you and other to point the old debian
package, so i try to recompile the last release with open-ssl. This is
the best solution, i agree.
I try to compile with this option :
./configure --with-tls=openssl --with-threads
Le mar. 13 déc. 2011 11:08:43 CET, Raffael Sahli a écrit :
On 12/13/2011 10:12 AM, rey sebastien wrote:
After what, you are right, you and other to point the old debian
package, so i try to recompile the last release with open-ssl. This
is the best solution, i agree.
I try to compile with
On 12/13/2011 12:14 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 11:08:43 CET, Raffael Sahli a écrit :
On 12/13/2011 10:12 AM, rey sebastien wrote:
After what, you are right, you and other to point the old debian
package, so i try to recompile the last release with open-ssl. This
is the best
Le mar. 13 déc. 2011 13:00:16 CET, Raffael Sahli a écrit :
On 12/13/2011 12:14 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 11:08:43 CET, Raffael Sahli a écrit :
On 12/13/2011 10:12 AM, rey sebastien wrote:
After what, you are right, you and other to point the old debian
package, so i try to
On 12/13/2011 02:59 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 13:00:16 CET, Raffael Sahli a écrit :
On 12/13/2011 12:14 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 11:08:43 CET, Raffael Sahli a écrit :
On 12/13/2011 10:12 AM, rey sebastien wrote:
After what, you are right, you and other
Le mar. 13 déc. 2011 15:16:08 CET, Raffael Sahli a écrit :
On 12/13/2011 02:59 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 13:00:16 CET, Raffael Sahli a écrit :
On 12/13/2011 12:14 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 11:08:43 CET, Raffael Sahli a écrit :
On 12/13/2011 10:12 AM,
On 12/13/2011 04:34 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 15:16:08 CET, Raffael Sahli a écrit :
On 12/13/2011 02:59 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 13:00:16 CET, Raffael Sahli a écrit :
On 12/13/2011 12:14 PM, rey sebastien wrote:
Le mar. 13 déc. 2011 11:08:43 CET,
Hi,
I am using openldap-2.4.19-4.x86_64 on fedora 12 machine. I have enabled
openldap SSL/TLS. How do I know (test) that I am using SSL/TLS connections
instead of normal ldap:///?
--
Thanks Regards,
Jayavant Ningoji Patil
Engineer: System Software
Computational Research Laboratories Ltd.
With the option -ZZ i think, try this
ldapsearch -x -LLL -ZZ -d 150
On Mon, Dec 12, 2011 at 11:21 AM, Jayavant Patil jayavant.pati...@gmail.com
wrote:
Hi,
I am using openldap-2.4.19-4.x86_64 on fedora 12 machine. I have enabled
openldap SSL/TLS. How do I know (test) that I am using
To run with tls or die, ldapsearch -ZZ (man ldapsearch for explanation)
You could make the server require clients use tls and finally run
tcpdump / wireshark with and without tls and see if you can see
results in plaintext
Mark
On 12 Dec 2011, at 10:40 a.m., Jayavant Patil
Hi,
On Mon, Dec 12, 2011 at 4:19 PM, reyman reyma...@gmail.com wrote:
With the option -ZZ i think, try this
ldapsearch -x -LLL -ZZ -d 150
Yeah, It shows output containing ber_dump, ldap_write,ldap_read, tls_write,
tls_read etc. But at the end is shows the following:
TLS certificate
You have a self signed certificate, so you don't need to verify your
certificate.
When you activate the tls on ldap, you only need this two lines, and you
don't need the line with certificate verification* olcTLSCACertificateFile
: *
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile:
reyman wrote:
You have a self signed certificate,
Correct.
so you don't need to verify your certificate.
When you activate the tls on ldap, you only need this two lines, and you don't
need the line with certificate verification*olcTLSCACertificateFile : *
Wrong.
RTFM.
Le 12/12/2011 19:24, Howard Chu a écrit :
reyman wrote:
You have a self signed certificate,
Correct.
so you don't need to verify your certificate.
When you activate the tls on ldap, you only need this two lines, and
you don't
need the line with certificate
rey sebastien wrote:
Le 12/12/2011 19:24, Howard Chu a écrit :
reyman wrote:
You have a self signed certificate,
Correct.
so you don't need to verify your certificate.
When you activate the tls on ldap, you only need this two lines, and you don't
need the line with certificate
On 12.12.2011 21:55, rey sebastien wrote:
Le 12/12/2011 21:07, Howard Chu a écrit :
rey sebastien wrote:
Le 12/12/2011 19:24, Howard Chu a écrit :
reyman wrote:
You have a self signed certificate,
Correct.
so you don't need to verify your certificate.
When you activate the tls on ldap,
--On Monday, December 12, 2011 9:55 PM +0100 rey sebastien
reyma...@gmail.com wrote:
IMHO i know this problem but i think this is better than nothing, and
actually i have nothing. I wait for valid certificate...
And sorry but your RTFM answer doesn't help me to resolve this problem
with gnutls
25 matches
Mail list logo