Dieter Kluenter wrote:
James <[EMAIL PROTECTED]> writes:
Dieter Kluenter wrote:
Hi,
James <[EMAIL PROTECTED]> writes:
Dieter Kluenter wrote:
"Dieter Kluenter" <[EMAIL PROTECTED]> writes:
James <[EMAIL PROTECTED]> writes:
[...]
And what is the TLS part of the consumer slapd.conf looking like?
Sorry, my fault, it should read ldap.conf
-Dieter
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers
root,ldap,named,avahi,haldaemon,postfix,messagebus
URI ldaps://master.example.com
BASE dc=example,dc=com
ldap_version 3
pam_password exop
ssl on
tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
tls_checkpeer no
TLS_CACERT /etc/ssl/cacert.pem
TLS_REQCERT allow
Most of this are not valid parameters for OpenLDAP. This file is a
mixture of pam_ldap.conf and openldap/ldap.conf
does that cause problems? because i just symlink libnss-ldap.conf and
pam_ldap.conf to ldap.conf for ease of management
If it does cause problems can you give me an example of what to
separate out where?
It may cause problems in so far, that clients may refuse to recognise
the file contents as valid parameters.
You may strace or truss the slapd pid to view the files opend and
read.
-Dieter
just for reference in case anybody else happens to have this little problem.
I solved it by stripping the password from the key ssl files on the
master and slave servers running ldaps: so that they didn't prompt for
password when i start slapd
like:
openssl rsa -in master.key -out master.key.clear
