
Re: ldap tunneling question



On Fri, Jun 02, 2000 at 03:19:45PM -0500, blair christensen wrote:
> now, what i would like to do is have blammo authenticate via ldap,
> using odin as its ldap server.  as i don't want the ldap information
> sent across the wire in the clear, i thought i would forward ldap
> requests sent to blammo:389 via stunnel to odin.

I'm using such a setup for days and it works. It must be something simple
that is going wrong (or not...).

> so, on odin, stunnel is already up and running, listening on port 636
> so that it can then be forwarded to localhost(odin):389.  then, on
> blammo, i tried:
> 
> blammo#  stunnel -p .... -d localhost:ldap -c -r odin:ldaps -D 7 -f

So stunnel is listening on localhost. Do you have your /etc/openldap/ldap.conf
set to localhost too, or to blammo? There is a difference.

> blammo# ldapsearch -b "dc=bsd,dc=uchicago,dc=edu" -D
> "cn=Manager,dc=bsd,dc=uchicago,dc=edu" -W '(uid=blair)'
> Enter LDAP Password:
> ldapsearch gives me "ldap_bind: Can't contact LDAP server"

Does this work without stunnel, i.e., if you add a -h odin to that
command?

Do your /etc/hosts.allow & /etc/hosts.deny files deny some kind of access?
stunnel and slapd are linked against libwrap.

I have a patched authconfig and a packaged stunnel which configure most
of these files (nsswitch.conf, stunnel start-up scripts, etc.) automatically
for authentication with ldap. They don't mess with the /etc/pam.d/* files
just yet, but that's coming. If you want to take a look, check
ftp://ftp.conectiva.com.br/pub/conectiva/EXPERIMENTAL/ldap, there are
RPMs and SRPMs.


-- 
Andreas Hasenack
andreas@conectiva.com.br
BIG Linux user!
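An added example, not from Andreas's mail or his packages: a small POSIX shell evaluator of tcp_wrappers rules, so you can see whether a hosts.allow/hosts.deny pair would make a libwrap-linked stunnel or slapd refuse the connection before blaming the tunnel itself. The host names odin, blammo and the uchicago.edu domain come from the thread; the policy lines it writes are constructed, and only the ALL, exact-host, ".domain" and "10.1." pattern forms are handled.

```shell
#!/bin/sh
# Added example, not from the thread: evaluate tcp_wrappers (libwrap) rules the way
# stunnel and slapd see them, to learn whether hosts.allow/hosts.deny refuses the
# tunnel.  tcp_wrappers order: hosts.allow match grants, then hosts.deny match
# refuses, otherwise access is granted.  Patterns handled: ALL, exact host,
# ".domain" suffix, "10.1." address prefix (EXCEPT etc. deliberately omitted).
match_pattern() {                       # match_pattern PATTERN VALUE
    case $1 in
        ALL) return 0 ;;
        .*)  case $2 in *"$1") return 0 ;; esac ;;
        *.)  case $2 in "$1"*) return 0 ;; esac ;;
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}
list_matches() {                        # list_matches "a, b" VALUE
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        match_pattern "$item" "$2" && return 0
    done
    return 1
}
file_matches() {                        # file_matches FILE DAEMON CLIENT
    [ -f "$1" ] || return 1
    while IFS= read -r line; do
        line=${line%%#*}                # strip comments
        case $line in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}; clients=${clients%%:*}   # drop shell_command field
        list_matches "$daemons" "$2" && list_matches "$clients" "$3" && return 0
    done < "$1"
    return 1
}
wrap_allows() {                         # wrap_allows ALLOWFILE DENYFILE DAEMON CLIENT
    file_matches "$1" "$3" "$4" && return 0
    file_matches "$2" "$3" "$4" && return 1
    return 0
}
# Constructed sample policy: only the LDAP hosts may reach slapd/stunnel, sshd is
# open to the campus domain, everything else is refused by the hosts.deny catch-all.
SAMPLE_DIR=$(mktemp -d)
ALLOW_FILE=$SAMPLE_DIR/hosts.allow
DENY_FILE=$SAMPLE_DIR/hosts.deny
printf '%s\n' '# constructed' 'slapd, stunnel : odin, blammo, localhost' 'sshd : .uchicago.edu' > "$ALLOW_FILE"
printf '%s\n' 'ALL : ALL' > "$DENY_FILE"
for host in odin localhost 10.1.2.3 ldap.uchicago.edu; do
    wrap_allows "$ALLOW_FILE" "$DENY_FILE" stunnel "$host" && r=allowed || r="denied by libwrap"
    echo "stunnel from $host: $r"
done
```

Point ALLOW_FILE and DENY_FILE at the real /etc/hosts.allow and /etc/hosts.deny to check the policy on blammo or odin; a "denied by libwrap" result for stunnel from localhost explains a "Can't contact LDAP server" that appears only through the tunnel.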