Re: Support for multiple DN's

2010-04-12 Thread Buchan Milne
On Sunday, 11 April 2010 05:59:47 Meena Ram wrote: Hello Sarati; I wanted the following thing to work. Like I would like to do an ldapsearch for multiple domains. At present when I try to slapadd for an entry into the second domain it fails. Since you didn't provide the commandline you

Re: Slapd-ldap proxy between replica and mirror

2010-04-12 Thread Ubay Dorta
Hi, OK, I understand that the problem is authorization, but when I suppress the back-ldap proxy from my scenario it works. I am going to give more details. First Scenario: - A delta syncrepl server replicating from the first server of a mirror. IPs: delta syncrepl

SSL / Certificates / ... Some confusion

2010-04-12 Thread Götz Reinicke - IT-Koordinator
Hi, since a couple of days I try to setup a provider and a consumer over SSL following the documentation in a book [1] and using two servers. (Red Hat 5.x, openssl-0.9.8e-12, openldap-2.3.43-3 ) Doing so I was confronted with a lot of different warnings/messages but finally I got the replication

Re: deleting one domain

2010-04-12 Thread Benjamin Griese
Dear Patrick, please read the manpage of ldapmodify on how to delete a DN. Thanks. On Mon, Apr 12, 2010 at 11:43, Patrick Mburu patrick_li...@yahoo.com wrote: Hi guys, I get this output from slapcat; dn: dc=mycompany,dc=com objectClass: dcObject objectClass: organization o: mycompany dc:

Re: SSL / Certificates / ... Some confusion

2010-04-12 Thread Dieter Kluenter
Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de writes: Hi, [...] I noticed and googled some provider debug info and wanted to ask for some proof or clarification or work around: From the provider log: TLS certificate verification: Error, unsupported certificate purpose ...

Re: TLS issues

2010-04-12 Thread Daniel Gomes
Hey Neil, thanks for the tip, I might try re-compiling it with the options you mentioned. The thing is, at the moment (and for the last couple of days), all has been working flawlessly, even on phpldapadmin (with which I always had those issues), so I cannot reproduce the error anymore (and

Re: SSL / Certificates / ... Some confusion

2010-04-12 Thread Dieter Kluenter
Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de writes: Dieter Kluenter schrieb: Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de writes: Hi, [...] I noticed and googled some provider debug info and wanted to ask for some proof or clarification or work around:

Re: SSL / Certificates / ... Some confusion

2010-04-12 Thread Klaus Lemkau
Hi, X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Server You can use this certificate only for server, not for client authentication. Netscape Cert Type: should be SSL Client, SSL Server if

Re: Slapd-ldap proxy between replica and mirror

2010-04-12 Thread masarati
Hi, OK, I understand that the problem is authorization, but when I suppress the back-ldap proxy from my scenario it works. I am going to give more details. First Scenario: - A delta syncrepl server replicating from the first server of a mirror. IPs: delta syncrepl

Re: SSL / Certificates / ... Some confusion

2010-04-12 Thread Götz Reinicke - IT-Koordinator
Hi Klaus, thanks a lot. Just two minutes ago I finished my two-hour Google look-up ending in the same direction :-) A posting from Howard Chu pointed into the right direction: http://www.openldap.org/lists/openldap-software/200704/msg00129.html Than of to -

Problem with SSL/TLS

2010-04-12 Thread Lynn York
I have created a cert. on the server and openldap starts without any issues, however when I attempt to connect via ldaps I keep getting the following error: ldapsearch -x -H ldaps://localhost:636 -D cn=Manager,dc=testing,dc=com -W -b dc=testing,dc=com (objectClass=top) Enter LDAP Password:

Re: Problem with SSL/TLS

2010-04-12 Thread Chris Jacobs
/etc/ldap.conf is used by nss tools and the ilk. /etc/openldap/ldap.conf would be used by openldap tools - like ldapsearch. I have the same setting there for tls_checkpeer - but in the latter ldap.conf (under openldap). FWIW: there's apparently no real different format for the two files; while

Re: Problem with SSL/TLS

2010-04-12 Thread Howard Chu
Chris Jacobs wrote: /etc/ldap.conf is used by nss tools and the ilk. /etc/openldap/ldap.conf would be used by openldap tools - like ldapsearch. Actually it's used by libldap, which means everything that uses libldap (including nss_ldap). But of course the converse is not true, /etc/ldap.conf

RE: Problem with SSL/TLS

2010-04-12 Thread Siddhartha Jain
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up tunneling via stunnel. Something you might want to consider? Siddhartha From: openldap-technical-bounces+sjain=silverspringnet@openldap.org [mailto:openldap-technical-bounces+sjain=silverspringnet@openldap.org]

RE: Problem with SSL/TLS

2010-04-12 Thread Lynn York
As that might be a viable option, at this point it is not. I have too many servers that will be getting the user information from LDAP, I would much rather just copy a couple certs instead of installing stunnel.. unless I am missing something here? *From:* Siddhartha Jain

RE: Problem with SSL/TLS

2010-04-12 Thread Quanah Gibson-Mount
--On Monday, April 12, 2010 2:20 PM -0400 Lynn York lynn.y...@mavenwire.com wrote: TLS certificate verification: depth: 0, err: 18, subject: /C=US/ST=Pennsylvania/L=King of Prussia/O=MavenWire, LLC/OU=Support/CN=testing.com/emailaddress=mw-hosting-sysad...@testing.com, issuer:

RE: Problem with SSL/TLS

2010-04-12 Thread Lynn York
Here is my /etc/openldap/ldap.conf: uri ldaps://localhost base cn=users,dc=testing,dc=com tls_cacert /etc/openldap/cacerts/ca.key tls_cacertdir /etc/openldap/cacerts tls_reqcert allow After adding the TLS options in there, I get the following: ldapsearch -d1 -x -H ldaps://localhost:636/

RE: Problem with SSL/TLS

2010-04-12 Thread Quanah Gibson-Mount
--On Monday, April 12, 2010 6:13 PM -0400 Lynn York lynn.y...@mavenwire.com wrote: Here is my /etc/openldap/ldap.conf: uri ldaps://localhost base cn=users,dc=testing,dc=com tls_cacert /etc/openldap/cacerts/ca.key tls_cacertdir /etc/openldap/cacerts tls_reqcert allow You specify *one* of the