Re: ldap tunneling question
On Fri, Jun 02, 2000 at 06:31:28PM -0300, Andreas Hasenack wrote:
> On Fri, Jun 02, 2000 at 03:19:45PM -0500, blair christensen wrote:
> > so, on odin, stunnel is already up and running, listening on port 636
> > so that it can then be forwarded to localhost(odin):389. then, on
> > blammo, i tried:
> >
> > blammo# stunnel -p .... -d localhost:ldap -c -r odin:ldaps -D 7 -f
>
> so stunnel is listening on localhost. Do you have your /etc/openldap/ldap.conf
> set to localhost too or to blammo? There is a difference.
>
i am using 'localhost' in there. i have tried it with 'blammo' as
well.

> > blammo# ldapsearch -b "dc=bsd,dc=uchicago,dc=edu" -D
> > "cn=Manager,dc=bsd,dc=uchicago,dc=edu" -W '(uid=blair)'
> > Enter LDAP Password:
> > ldapsearch gives me "ldap_bind: Can't contact LDAP server"
>
> Does this work without stunnel, i.e., add a -h odin to that
> command.
>
yep, that works.

> Do your /etc/hosts.allow & /etc/hosts.deny files deny some kind of access?
> stunnel and slapd are linked against libwrap.
>
i had this problem already because i forgot that it was configured for
libwrap. this has been fixed.

> I have a patched authconfig and a packaged stunnel which configure most
> of these files (nsswitch.conf, stunnel start-up scripts, etc) automatically
> for authentication with ldap. They don't just mess with /etc/pam.d/* files
> yet, but that's coming. If you want to take a look, check
> ftp://ftp.conectiva.com.br/pub/conectiva/EXPERIMENTAL/ldap, there are
> RPMs and SRPMs.
>
i'll take a look at that.

thanks,
blair christensen