error=Resource temporarily unavailable...
Hi All,
I am running OpenLDAP 2.0.15 on a RedHat 7.1 machine with a
manually-installed kernel 2.4.9. I compiled OpenLDAP, NSS_LDAP 172, and
PAM_LDAP 131 from scratch and linked the latter two packages with the
Netscape LDAPSDK 4.11. What I was trying to do is:
(i) integrate user account info in LDAP instead of plain files,
(ii) centralized authentication over a secured channel like SSL/TLS.
However, I got the Linux/LDAP integration alright, though I do not
understand one point:
I initially got the login working all right, but the user groups were not
recognized by the system. I followed the LDAP-Implementation-HOWTO, and after
fiddling for a long time, the user groups were still not recognizable (e.g.
when doing ls, only the group number is displayed, not the group name defined
in LDAP). Then I commented out a line that reads
nss_base_groups ou=Groups,dc=my,dc=domain?one?
in /etc/ldap.conf, and the problem was gone. I am sure I have defined the
group under ou=Groups,dc=my,dc=domain, of objectclass posixGroup, and it was
world readable and writable. But this is really strange. Anyway, this may
not be an issue of OpenLDAP.
There is yet another outstanding problem, which is that I have configured
OpenLDAP to use SSL/TLS. In my /usr/local/etc/openldap/slapd.conf, I added
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /usr/local/ssl/certs/cacert.pem
TLSCertificateFile /usr/local/ssl/certs/server.pem
TLSCertificateKeyFile /usr/local/ssl/private/server.pem
at the end of the file. Then I tried accessing port 636 through Netscape's
address book; on the first query it worked, but later queries all left
the address book running without any response. The bar keeps on saying
"Contacting [myldap] host...". I explicitly imported my CA cert through
Apache. I did not know what happened, so I tried adding a line
TLSVerifyClient 0
in /usr/local/etc/openldap/slapd.conf, and I tried again, and the same
thing resulted. I then turned on the debug mode, and I saw lines that say
"tls_read: want=5 error=Resource temporarily unavailable.". Does anyone
know what's wrong? I did not configure /etc/ldap.conf to use SSL though, as
the file seems to have some additional tags that I don't see in the
LDAP-Implementation-HOWTO.
-Daniel.
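As an added illustration (not part of Daniel's message or of OpenLDAP/nss_ldap), the script below lints the two fragments quoted above offline: it splits an nss_ldap `nss_base_<map> base?scope?filter` line into its fields, checking the scope keyword and treating the trailing empty field in `?one?` as "no filter", and it collects the `TLS*` directives from a slapd.conf fragment to report missing file directives, SSLv2/SSLv3 cipher-list keywords, and a key stored in the certificate file. It assumes space-separated directives and that an omitted scope simply means nss_ldap's own default applies.

```python
"""Offline lint for the two config fragments in the post (constructed copies
below): nss_ldap 'nss_base_<map> base?scope?filter' lines and slapd.conf TLS*
directives. Assumption: an omitted scope means nss_ldap's default applies."""

NSS_SCOPES = {"base", "one", "sub"}
TLS_FILE_KEYS = ("tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile")

def parse_nss_base(line):
    """Split an nss_base_* directive into map, base DN, scope and filter.
    Trailing empty fields (the '?one?' form in the post) are reported as None."""
    key, _, value = line.strip().partition(" ")
    if not key.startswith("nss_base_"):
        raise ValueError(f"not an nss_base_ directive: {line!r}")
    fields = value.strip().split("?") + ["", ""]          # pad optional fields
    base, scope, flt = fields[0], fields[1] or None, fields[2] or None
    if scope is not None and scope not in NSS_SCOPES:
        raise ValueError(f"bad scope {scope!r}; expected one of {sorted(NSS_SCOPES)}")
    return {"map": key[len("nss_base_"):], "base": base, "scope": scope, "filter": flt}

def lint_slapd_tls(text):
    """Return findings for the TLS* directives in a slapd.conf text
    (directive names are case-insensitive in slapd.conf)."""
    tls = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower().startswith("tls"):
            tls[key.lower()] = value.strip()
    findings = [f"missing {k}" for k in TLS_FILE_KEYS if k not in tls]
    suite = tls.get("tlsciphersuite", "")
    if "SSLv2" in suite or "SSLv3" in suite:
        findings.append("TLSCipherSuite uses SSLv2/SSLv3 cipher-list keywords; review against current policy")
    cert, key = tls.get("tlscertificatefile"), tls.get("tlscertificatekeyfile")
    if cert and cert == key:
        findings.append("certificate and private key share one file; keep the key in its own 0600 file")
    return findings

# Constructed copies of the fragments quoted in the post.
LDAP_CONF_LINE = "nss_base_groups ou=Groups,dc=my,dc=domain?one?"
SLAPD_FRAGMENT = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /usr/local/ssl/certs/cacert.pem
TLSCertificateFile /usr/local/ssl/certs/server.pem
TLSCertificateKeyFile /usr/local/ssl/private/server.pem
"""

if __name__ == "__main__":
    print(parse_nss_base(LDAP_CONF_LINE))
    for finding in lint_slapd_tls(SLAPD_FRAGMENT):
        print("finding:", finding)
```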