/etc/ldap.conf is not the same as /etc/openldap/ldap.conf. It seems that you're missing the second one.

While attempting to change a directory password I keep getting this message… 



[root@xxx ~]# ldappasswd -x -ZZ -D "cn=directory manager" -w "mypass" \
    "uid=se253264,ou=people,dc=xxx,dc=cle=dc=us" -a "oldpass" -s "newpass" 

ldap_start_tls: Connect error (-11) 

additional info: Start TLS request accepted.Server willing to negotiate SSL. 



In researching this I found that adding -d 1 gives additional debugging information, and found this, which is probably relevant: 



TLS: could not load client CA list 
(file:`',dir:`/etc/openldap/cacerts/cacert.asc'). 

TLS: error:0200A014:system library:opendir:Not a directory ssl_cert.c:816 

TLS: error:140D7002:SSL routines:SSL_add_dir_cert_subjects_to_stack:system lib 
ssl_cert.c:818 

ldap_perror 



I do have the following in my /etc/ldap.conf file: 

ssl yes 

tls_cacertdir /etc/openldap/cacerts 

TLS_REQCERT allow 

pam_password exop 



And the cacert.asc does exist in that directory. This is the cacert.asc that 
was created during setup of this machine using the setupssl.sh script and I 
copied it to the requested directory. I am not seeing anything additional on 
the HowtoSSL page and realize that TLS is necessary for the password change 
function. 



Thanks for any help you may have. I am also under the impression that I am supposed 
to copy the cacert.asc to each client machine so they can authenticate against 
the cert. Is this true also? 

David Hoskinson | DATATRAK International 
Systems Engineer 
Mayfield Heights, Ohio, USA 
+1.440.443.0082 x124 (p) | +1.216.280.5457 (m) 
david.hoskin...@datatrak.net | www.datatrak.net 


-- 
389 users mailing list 
389-us...@lists.fedoraproject.org 
https://admin.fedoraproject.org/mailman/listinfo/389-users 
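The debug output in the question ("opendir: Not a directory" while loading the CA list from dir `/etc/openldap/cacerts/cacert.asc`) is what libldap prints when the CA-directory setting resolves to a file rather than a directory. The OpenLDAP command-line tools (ldappasswd, ldapsearch and friends) take their TLS settings from /etc/openldap/ldap.conf (plus ~/.ldaprc), not from the /etc/ldap.conf that nss_ldap and pam_ldap read, which is the point of the reply above. The script below is an added example, not part of the thread or of 389 Directory Server: it parses an ldap.conf-style file for TLS_CACERT and TLS_CACERTDIR and reports the two mistakes that produce this error, a CA path that is the wrong kind of object and a config with no CA setting at all. The config files and the placeholder cacert.asc it creates under a temporary directory are constructed for the demonstration; the function names ldapconf_get and check_ldap_tls_conf are mine.

```shell
#!/bin/sh
# Added example (not from the original post or from 389-ds): check the client
# TLS settings that ldappasswd -ZZ will use before running it, so that a CA path
# of the wrong type is reported plainly instead of as
# "could not load client CA list" / "opendir: Not a directory".
# Assumptions: ldap.conf keyword syntax (keyword, whitespace, value); keywords
# are matched case-insensitively so the lowercase tls_cacertdir spelling seen in
# /etc/ldap.conf is found too.

# Print the value of a keyword from an ldap.conf-style file ("" if unset).
ldapconf_get() {
    # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 !~ /^#/ && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 when TLS_CACERT is a regular file and/or TLS_CACERTDIR is a
# directory; print each problem to stderr and return 1 otherwise.
check_ldap_tls_conf() {
    conf="$1"
    rc=0
    cacert=$(ldapconf_get "$conf" TLS_CACERT)
    cacertdir=$(ldapconf_get "$conf" TLS_CACERTDIR)

    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "$conf: neither TLS_CACERT nor TLS_CACERTDIR is set;" \
             "libldap has no CA to verify the server certificate against" >&2
        return 1
    fi
    if [ -n "$cacert" ] && [ ! -f "$cacert" ]; then
        echo "$conf: TLS_CACERT $cacert is not a regular file" >&2
        rc=1
    fi
    if [ -n "$cacertdir" ]; then
        if [ -f "$cacertdir" ]; then
            # The situation in the debug output: opendir() on a file -> ENOTDIR.
            echo "$conf: TLS_CACERTDIR $cacertdir is a file, not a directory;" \
                 "point TLS_CACERT at the file instead" >&2
            rc=1
        elif [ ! -d "$cacertdir" ]; then
            echo "$conf: TLS_CACERTDIR $cacertdir does not exist" >&2
            rc=1
        fi
    fi
    return $rc
}

# Constructed fixture: a placeholder CA file and three client configs.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/cacerts"
printf -- '-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n' \
    > "$DEMO/cacerts/cacert.asc"

# Wrong: the directory keyword points at the CA file (what the log shows).
printf 'TLS_CACERTDIR %s\nTLS_REQCERT allow\n' "$DEMO/cacerts/cacert.asc" \
    > "$DEMO/bad.conf"
# Wrong: only nss_ldap/pam_ldap-style settings, no CA for libldap.
printf 'ssl yes\npam_password exop\n' > "$DEMO/empty.conf"
# Right: a single PEM file goes under TLS_CACERT.
printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$DEMO/cacerts/cacert.asc" \
    > "$DEMO/good.conf"

for f in "$DEMO/bad.conf" "$DEMO/empty.conf" "$DEMO/good.conf"; do
    if check_ldap_tls_conf "$f"; then
        echo "$f: TLS CA settings look usable"
    fi
done
```

Run it as `sh check-ldap-tls.sh`; to check a live system, call `check_ldap_tls_conf /etc/openldap/ldap.conf` from the same script. Note that TLS_CACERT names one PEM file holding the CA chain, while TLS_CACERTDIR names a directory of CA files and, with an OpenSSL-linked libldap, expects the hash-named symlinks that `c_rehash` (or `openssl rehash`) creates; a single cacert.asc copied into a directory is therefore best referenced with TLS_CACERT. Once the CA is loaded, prefer TLS_REQCERT demand over allow, since allow lets the StartTLS session proceed against a server certificate that failed verification.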