Re: ldap tunneling question
On Fri, Jun 02, 2000 at 03:19:45PM -0500, blair christensen wrote:
> now, what i would like to do is have blammo authenticate via ldap,
> using odin as its ldap server. as i don't want the ldap information
> sent across the wire in the clear, i thought i would forward ldap
> requests sent to blammo:389 via stunnel to odin.
I've been using such a setup for days and it works. It must be something simple
that is going wrong (or not...).
> so, on odin, stunnel is already up and running, listening on port 636
> so that it can then be forwarded to localhost(odin):389. then, on
> blammo, i tried:
>
> blammo# stunnel -p .... -d localhost:ldap -c -r odin:ldaps -D 7 -f
So stunnel is listening on localhost. Do you have your /etc/openldap/ldap.conf
set to localhost too or to blammo? There is a difference.
> blammo# ldapsearch -b "dc=bsd,dc=uchicago,dc=edu" -D
> "cn=Manager,dc=bsd,dc=uchicago,dc=edu" -W '(uid=blair)'
> Enter LDAP Password:
> ldapsearch gives me "ldap_bind: Can't contact LDAP server"
Does this work without stunnel, i.e., add a -h odin to that
command?
Do your /etc/hosts.allow & /etc/hosts.deny files deny some kind of access?
stunnel and slapd are linked against libwrap.
I have a patched authconfig and a packaged stunnel which configure most
of these files (nsswitch.conf, stunnel start-up scripts, etc) automatically
for authentication with ldap. They don't just mess with /etc/pam.d/* files
yet, but that's coming. If you want to take a look, check
ftp://ftp.conectiva.com.br/pub/conectiva/EXPERIMENTAL/ldap, there are
RPMs and SRPMs.
--
Andreas Hasenack
andreas@conectiva.com.br
BIG Linux user!
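
The first check suggested in the reply (does ldap.conf name the address that stunnel listens on?) can be scripted. This is an added example, not part of the original message: the function names are hypothetical, it assumes the client's server is set with a HOST or URI line in ldap.conf, and it treats only localhost and 127.0.0.1 as loopback.

```shell
#!/bin/sh
# Added example (not from the original message): does the LDAP client
# configuration point at the address the client-side stunnel listens on?

# Print the first server host named by a HOST or URI line in an ldap.conf.
ldap_conf_host() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        toupper($1) == "HOST" {
            h = $2; sub(/:[0-9]+$/, "", h)      # drop optional :port
            print h; exit
        }
        toupper($1) == "URI" {
            h = $2
            sub(/^[A-Za-z]+:\/\//, "", h)       # drop the ldap:// scheme
            sub(/[:\/].*$/, "", h)              # drop :port and anything after
            print h; exit
        }
    ' "$1"
}

is_loopback() {
    case "$1" in localhost|127.0.0.1) return 0 ;; *) return 1 ;; esac
}

# $1 = ldap.conf path, $2 = host part of the stunnel -d argument.
# Returns 0 if clients reach the tunnel, 1 on mismatch, 2 if no server is set.
check_tunnel_target() {
    conf_host=$(ldap_conf_host "$1")
    if [ -z "$conf_host" ]; then
        echo "no HOST or URI line in $1"; return 2
    fi
    if is_loopback "$2" && is_loopback "$conf_host"; then
        echo "ok: clients use $conf_host, stunnel listens on $2"; return 0
    fi
    if [ "$conf_host" = "$2" ]; then
        echo "ok: clients use $conf_host, stunnel listens on $2"; return 0
    fi
    echo "mismatch: clients use $conf_host, stunnel listens on $2"; return 1
}

# Constructed sample: ldap.conf names blammo while stunnel listens on localhost.
sample=$(mktemp)
printf '# constructed ldap.conf\nBASE dc=bsd,dc=uchicago,dc=edu\nHOST blammo\n' > "$sample"
check_tunnel_target "$sample" localhost || true
rm -f "$sample"
```

A mismatch means the client connects to an address where the tunnel is not listening, so the request either fails or goes out without TLS.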