> On Thu, 21 Sep 2006, Nick Couchman wrote:
>> When I try to set the port to 636 in the res_ldap.conf file, I get bind
>> errors ("Can't contact server..."). I imagine this is an issue with
>> certificates and trust, but I'm not exactly sure where I need to put my
>> CA certificate in order to make the ldap module happy.
> Probably wherever openssl looks for them. Try /etc/pki/tls/certs/,
> /etc/ssl/certs/ or /usr/share/ssl/certs/, depending on your distro. You'll
> also need to symlink the certificate to its hash, check the openssl docs
> if you haven't done this before.
I've just finished trying this and I still get an error when Asterisk tries to connect. I have a couple other things I need to try (I need to try to adjust my CA a little bit), but if anyone else has other suggestions for me, I'd appreciate it.
>> I've tried to use tcpdump to see this data, but tcpdump doesn't grab the
>> full packet, it truncates it at a certain point, so I can't see the
>> data.
> Try doing your tcpdump with "‑s 0" ‑ it tells tcpdump to "snarf" the whole
> packet
> Even better, use wireshark (the new name for ethereal). It'll do a very
> nice job (I tend to find better than tcpdump) at showing you the contents
> of you ldap queries and responses.
I was using ethereal to interpret the data, but my servers don't have X on them so it's hard to run Ethereal or Wireshark directly on the server. So, I use tcpdump to capture to a file, then copy to my workstation and use Ethereal to open it.
> I haven't gotten around to playing with direct integration with asterisk
> and ldap, so I can't help on your other issues.
Nick Couchman
Systems Integrator
SEAKR Engineering, Inc.
6221 South Racine Circle
Centennial, CO 80111
Main: (303) 790-8499
Fax: (303) 790-8720
Web: http://www.seakr.com
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com --
asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
