On Wed, 28 Nov 2012, Rob "Bubba" Hines wrote:

> I'm struggling to get TLS working with LAM, though my other tools appear to
> work fine. It is not a self-signed cert, and other tools appear to be using
> TLS fine. The logs even appear to indicate that the TLS connection is
> properly set up from slapd. I am thoroughly confused.
>
> This is what I'm seeing in syslog when trying to use TLS with LAM:
>
> Nov 28 19:09:33 localhost slapd[14912]: conn=1011 fd=16 ACCEPT from
> IP=[2001:4801:7812:70:1d2b:54d0:ff10:2ade]:57742 (IP=[::]:389)
> Nov 28 19:09:33 localhost slapd[14912]: conn=1011 op=0 EXT
> oid=1.3.6.1.4.1.1466.20037
> Nov 28 19:09:33 localhost slapd[14912]: conn=1011 op=0 STARTTLS
                  ^^^^^^^^^
Use the FQDN of this host.
[snip]
>
> And TLS appears to work just fine run via ldapsearch:

[snip]

> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> BASE dc=planroomhost,dc=com
> URI ldap://dc.planroomhost.com

Yes, the URI has the FQDN.

> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> # TLS certificates (needed for GnuTLS)
> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
> LDAPTLS_CACERT /etc/ssl/certs/ca-certificates.crt
> TLS_REQCERT allow
>

--
Tim Rice Multitalents
(707) 456-1146 t...@multitalents.net
(707) 887-1469
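Tim's advice comes down to one rule of TLS server authentication: the name the client puts in the LDAP URI must be one of the names the slapd certificate was issued for. An IP literal (as in the IPv6 address seen in the ACCEPT line) is compared only against iPAddress entries in the certificate, never against a dNSName such as dc.planroomhost.com, so a client pointed at an address instead of the FQDN fails strict verification. Note also that the quoted ldap.conf sets TLS_REQCERT allow, which per ldap.conf(5) lets libldap proceed even when the server certificate fails verification; a working ldapsearch under that setting is therefore not evidence that the certificate name matches. The following script is an added example, not code from the thread or from LAM: it pulls the host out of an LDAP URI and applies RFC 6125-style name matching against a constructed, hypothetical subjectAltName list (EXAMPLE_SAN) standing in for the real certificate, which is not on the page.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the subjectAltName of the slapd certificate.
# The real certificate is not on the page; these entries are hypothetical.
EXAMPLE_SAN = [("DNS", "dc.planroomhost.com"), ("DNS", "*.planroomhost.com")]


def dns_name_matches(pattern, hostname):
    """Match a host name against one dNSName entry, RFC 6125 style:
    case-insensitive, trailing dot ignored, and a single '*' is allowed
    only as the entire leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels = pattern.split(".")
    hlabels = hostname.split(".")
    if plabels[0] != "*" or any("*" in label for label in plabels[1:]):
        return False
    # A wildcard covers exactly one label: "*.example.com" never matches
    # "a.b.example.com" or the bare "example.com".
    return len(plabels) == len(hlabels) and plabels[1:] == hlabels[1:]


def cert_matches_host(san, host):
    """Return True if any subjectAltName entry covers the host the client
    connected to. IP literals are matched only against iPAddress entries and
    host names only against dNSName entries, which is why a URI such as
    ldap://192.0.2.10 fails against a certificate issued for a host name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in san:
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and dns_name_matches(value, host):
            return True
    return False


def check_ldap_uri(uri, san=EXAMPLE_SAN):
    """Extract the host part of an LDAP URI (brackets around IPv6 literals are
    stripped by urlsplit) and report whether strict verification, i.e. what
    TLS_REQCERT demand enforces, would accept the names in `san` for it."""
    host = urlsplit(uri).hostname
    if host is None:
        return {"host": None, "ok": False, "reason": "URI has no host part"}
    ok = cert_matches_host(san, host)
    reason = "name present in certificate" if ok else "name not in certificate"
    return {"host": host, "ok": ok, "reason": reason}


if __name__ == "__main__":
    for uri in (
        "ldap://dc.planroomhost.com",    # FQDN from the ldap.conf quoted above
        "ldap://192.0.2.10:389",         # constructed IPv4 literal
        "ldap://[2001:db8::10]:389",     # constructed IPv6 literal
    ):
        print(uri, "->", check_ldap_uri(uri))
```

Run it as-is to see the FQDN accepted and both address literals rejected; to check a real deployment, replace EXAMPLE_SAN with the names printed by `openssl x509 -noout -ext subjectAltName` for the server certificate and pass the URI that LAM is configured with. If the certificate carries only a dNSName, the only fix on the client side is the one Tim gives: connect by the FQDN.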