error with TLS
Hello,
First, I finally found how to have the home directory automounted at
login. I should have searched a bit more before writing to the list; I am
sorry.
I have another problem, and I hope someone can help me.
I'm trying to set up the TLS connection to my OpenLDAP server.
Before this, with a normal connection, I could log in on my Linux station
with a login/password located in LDAP (the OpenLDAP server is on another
machine).
Now the login/password are rejected, and in /var/log/auth.log I get:
Jun 2 21:19:01 francois login: pam_ldap: ldap_starttls_s: Connect error
Can anyone help me?
In my slapd.conf I have uncommented the few lines about TLS,
and on the client stations (ldap.conf), I set:
ssl start_tls
tls_checkpeer yes
port 389
(the line "ssl on" is commented)
The command:
openssl s_client -connect ldap.domain:636 -showcerts
seems to work; its output ends with:
Verify return code: 18 (self signed certificate)
I configured the login to use LDAP:
/etc/pam.d/login:
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_pwdb.so shadow try_first_pass
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so shadow nullok \
use_authtok
session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
François
PS: I use Mandrake Linux 8.2
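
An added example, not part of the original message: a small linter for the pam_ldap client ldap.conf settings quoted in the post. It flags combinations worth ruling out when ldap_starttls_s fails, such as tls_checkpeer yes with no tls_cacertfile or tls_cacertdir while the server presents a self-signed certificate; the sample config, function names and finding labels are constructed for illustration.

```python
# Added example: heuristic checks on a pam_ldap-style ldap.conf.
# SAMPLE_CONF is constructed from the settings quoted in the post;
# "host ldap.domain" is an assumption based on the openssl command shown.
SAMPLE_CONF = """\
host ldap.domain
#ssl on
ssl start_tls
tls_checkpeer yes
port 389
"""

TLS_MODES = ("start_tls", "on", "yes")


def parse_ldap_conf(text):
    """Return {keyword: value} for non-comment lines (keywords lower-cased)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then whitespace, then value
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def check_tls(settings):
    """Return a list of finding labels (hypothetical names) for risky combinations."""
    findings = []
    ssl_mode = settings.get("ssl", "no").lower()
    port = settings.get("port", "389")
    checkpeer = settings.get("tls_checkpeer", "").lower()
    has_ca = "tls_cacertfile" in settings or "tls_cacertdir" in settings
    # StartTLS upgrades a plain LDAP session; 636 expects TLS from the first byte.
    if ssl_mode == "start_tls" and port == "636":
        findings.append("start_tls-on-ldaps-port")
    if ssl_mode in ("on", "yes") and port == "389":
        findings.append("ldaps-on-plain-port")
    # Peer verification needs a trust anchor; a self-signed server
    # certificate fails verification unless it is listed as a CA.
    if ssl_mode in TLS_MODES and checkpeer == "yes" and not has_ca:
        findings.append("checkpeer-without-ca")
    # Explicitly disabling verification leaves the bind open to interception.
    if ssl_mode in TLS_MODES and checkpeer == "no":
        findings.append("peer-not-verified")
    return findings


if __name__ == "__main__":
    print(check_tls(parse_ldap_conf(SAMPLE_CONF)))
```

The openssl test in the post connects to port 636, which exercises ldaps rather than the StartTLS path on port 389 that this client configuration uses.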