[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: fedora and openldap

To: Judith Flo Gaya <jflo@imppc.org>
Subject: Re: fedora and openldap
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Wed, 13 Apr 2011 15:07:53 -0400 (EDT)
Cc: "richm@stanfordalumni.org" <richm@stanfordalumni.org>, Rich Megginson <rich.megginson@gmail.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <4DA5F307.9020606@imppc.org>
References: <4D9B87A2.8040400@imppc.org> <201104091723.01247.harry.jede@arcor.de> <4DA2CE65.70006@imppc.org> <201104111314.34875.harry.jede@arcor.de> <4DA4876E.7000907@imppc.org> <38ACE42D42C9413E24A03D6F@[192.168.1.2]> <4DA4A479.70404@imppc.org> <4DA4ACCD.4010501@gmail.com> <4DA4B394.6060107@imppc.org> <4DA4B514.1020404@gmail.com> <4DA582B7.5070907@imppc.org> <4DA5A137.6020007@gmail.com> <4DA5B2E3.7010407@imppc.org> <4DA5B521.8050908@gmail.com> <4DA5BAEE.7060603@imppc.org> <alpine.SOC.2.00.1104131351350.2565@toolbox.rutgers.edu> <4DA5F307.9020606@imppc.org>
User-agent: Alpine 2.00 (SOC 1167 2008-08-23)

On Wed, 13 Apr 2011, Judith Flo Gaya wrote:

I see, I also have those files that you mention... I created my own CAas lots of tutorials explain.. Then I transmitted it to the clients andused it in the ldap.conf file. Do you suggest me to send those to theserver and use them instead of the ones I generated with openssl?

Well, you'll need the CA on the client to match the CA that signed theserver's certificate. In other words...if you generated your own CA forboth the client and the server, trust issues would be completelyexpected...

What's your server?

OpenLDAP software is on both sides of the equation; it's just that someclients are NSS, some clients are OpenSSL, some clients are GnuTLS, whileALL servers are OpenSSL.

Well my final problem were not ldapsearch but the user autenticacion.The ldapsaerch showed the whole ldap definitions but if I try to sshwith an ldap user to the machine, I get some TLS negotiation problem ;(That's when I was told that the problem may be caused by theimplementation of the ldap client (with moznss support).

Well, when troubleshooting, it's often easiest to look with a narrowscope. Using OpenLDAP software, such as ldapsearch(1) and ldapwhoami(1),will probably offer a better debugging platform than an sshimplementation? One step at a time...

Follow-Ups:
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>

References:
- fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: harry.jede@arcor.de
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: harry.jede@arcor.de
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Rich Megginson <rich.megginson@gmail.com>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>
- Re: fedora and openldap
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: fedora and openldap
  - From: Judith Flo Gaya <jflo@imppc.org>

Prev by Date: Re: fedora and openldap
Next by Date: Re: fedora and openldap
Index(es):
- Chronological
- Thread