[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS on Redhat 8.0



Hi,
are you using the same hostname as defined in the certificate?

Oliver

Paolo Marini wrote:

I have installed the stock openssl packages for redhat 8.0 (openldap 2.0.27)
and configured both a server and a client.

Right now, user authentication with nss_ldap and pam_ldap works correctly (I
migrated the users via the perl scripts provided with the standard RPM
packages). I can also change the password for a given user, having set up an
ACL list enabling only authenticated users to do it. Now I would like to set
up SSL via the tls options of openldap.

I generated the server certificates, gave them the correct permissions,
placed the TLS directives in the slapd.conf file and the directives ssl on
or ssl tls_start on the client ldap.conf file. nmap on the server reports
that the 389 and 636 ports are open, for ldap and ldap ssl.

When performing a query via ldapserach with the -Z option (enabling SSL),
everything works fine and I can get responses. Not the same with ldapsearch
and -ZZ option When I try to login to the client machine, it is no more
possible (on /var/log/messages: pam_ldap: ldap_simple_bind Can't contact
LDAP server or, for tls, ldap_starttls_s: Connect error).

Anyone can help me ?

thank you

Paolo Marini



-- Oliver Schulze L. <oliver@samera.com.py>