[COLUG] More LDAP silliness, Part Deux
Vince Herried
vince at planetvince.info
Tue Sep 5 10:35:38 EDT 2006
On Sunday 03 September 2006 10:38, Travis Sidelinger wrote:
> Joshua,
>
> I believe your issue is with the client. Here's what I think you are
> missing. Add this line to your ldap client's config.
> $ echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf
> You can read the "man 5 ldap.conf" for more details.
>
> I wrote up an OpenLDAP SSL/TLS how-to, located here. Maybe this will help.
> http://www.ilive4unix.net/doku.php?id=notes:sec:openldapcert
>
> Hope this fixes your troubles. Good luck.
>
> Travis Sidelinger
>
> Joshua Kramer wrote:
I too have been messing with LDAP (it is your fault, you got me interested :).
Comments on your web page instructions...
1. yum couldn't find it, but it found openssl-perl
2. my distro (Fedora Core 4) already had a directory /etc/openldap/cacerts, so I used that.
7. Remote the private key? How about remove or edit out the private key (and do anything with it??)
8. remove our files? Should be rename.
9. my version of openldap complained that it couldn't read the .pem files till I ran chown ldap:ldap
I'm trying to get KAddressBook to connect. It can read when I disable security, but I would like to get it to be able to update...
In the setup for KAddressBook LDAP it asks for:
User: what user?
Bind DN: huh?
Realm: huh?
Passwd: I assume that is associated with the cert?
Host: Ah, a question I can answer.
Port:
LDAP version:
Size limit:
Time limit:
DN: huh?
Filter: I guess I can figure that out.
Then more problems/questions.
Security select: no | TLS | SSL
Authentication select: Anonymous | simple | SASL
SASL mechanism (Query Server): CRAM-MD5 | DIGEST-MD5
In my slapd log I get (among other messages):
Sep 5 10:27:39 desk slapd[3973]: <<< dnNormalize: <uid=vince,cn=digest-md5,cn=auth>
Sep 5 10:27:39 desk slapd[3973]: ==>slap_sasl2dn: converting SASL name uid=vince,cn=digest-md5,cn=auth to a DN
Sep 5 10:27:39 desk slapd[3973]: slap_sasl_regexp: converting SASL name uid=vince,cn=digest-md5,cn=auth
Sep 5 10:27:39 desk slapd[3973]: <==slap_sasl2dn: Converted SASL name to <nothing>
Sep 5 10:27:39 desk slapd[3973]: SASL Canonicalize [conn=0]: slapAuthcDN="uid=vince,cn=digest-md5,cn=auth"
Sep 5 10:27:39 desk slapd[3973]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 5 10:27:39 desk last message repeated 2 times
Sep 5 10:27:39 desk slapd[3973]: SASL Canonicalize [conn=0]: authzid="vince"
Sep 5 10:27:39 desk slapd[3973]: SASL [conn=0] Failure: no secret in database
Huh, I don't see any reference to /etc/sasldb2 in my LDAP config files?
v
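Two points in this thread deserve a closer look than the replies give them. The suggested `TLS_REQCERT allow` makes the OpenLDAP client accept a missing or unverifiable server certificate, so it hides the problem rather than fixing it; the right fix is to keep the default `demand` and point `TLS_CACERT` at the CA certificate. And the slapd lines Vince posted are one failure chain: no `authz-regexp` (called `sasl-regexp` in older slapd.conf) maps `uid=vince,cn=digest-md5,cn=auth` to an entry DN, so Cyrus SASL falls back to its own `/etc/sasldb2`, which does not exist, hence "no secret in database". The script below is an added example, not code from the original post or from Travis's how-to: it audits a client ldap.conf for the weak setting and walks slapd log lines to explain the SASL failure. The sample config and log lines are constructed to mirror the thread; the suffix `dc=example,dc=com` and `ou=people` are assumptions.

```python
"""Added example (not from the original post or the linked how-to).

audit_ldap_conf()  flags a client ldap.conf(5) whose TLS_REQCERT is
                   "allow" or "never": TLS is still negotiated, but the
                   server certificate is not verified, so anyone on the
                   path can impersonate the server.
triage_slapd_log() explains the DIGEST-MD5 failure chain seen in the
                   slapd log quoted in the thread.

The sample data is constructed; dc=example,dc=com and ou=people are
assumed names, not anything from the thread.
"""
import re

WEAK_REQCERT = {"never", "allow"}   # server certificate is not verified


def audit_ldap_conf(text):
    """Return a list of findings for an OpenLDAP client ldap.conf."""
    reqcert, cacert = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].upper(), parts[1].strip()
        if key == "TLS_REQCERT":
            reqcert = value.lower()
        elif key in ("TLS_CACERT", "TLS_CACERTDIR"):
            cacert = value
    findings = []
    if reqcert in WEAK_REQCERT:
        findings.append(f"TLS_REQCERT {reqcert}: server certificate is not verified")
    elif cacert is None:
        # demand/hard/try (or the default, demand) with no CA to verify
        # against: the bind fails, which is what tempts people into "allow".
        findings.append("no TLS_CACERT/TLS_CACERTDIR: install the CA certificate "
                        "instead of lowering TLS_REQCERT")
    return findings


# The SASL authentication identity as slapd prints it before mapping.
SASL_NAME = re.compile(r"uid=(?P<uid>[^,]+),cn=(?P<mech>[^,]+),cn=auth")

# (pattern, explanation), in the order slapd emits the messages.
SASL_RULES = [
    (re.compile(r"slap_sasl2dn: Converted SASL name to\s*<nothing>"),
     "no authz-regexp (sasl-regexp in older slapd.conf) matched the SASL "
     "identity, so slapd has no entry to read userPassword from"),
    (re.compile(r"unable to open Berkeley\s*db (?P<path>\S+): No such file"),
     "Cyrus SASL fell back to its own secret store {path}, which does not exist"),
    (re.compile(r"SASL \[conn=\d+\] Failure: no secret in database"),
     "DIGEST-MD5 found no secret anywhere; fix the identity mapping rather "
     "than creating a sasldb"),
]


def triage_slapd_log(lines, suffix="dc=example,dc=com"):
    """Return {'uid', 'mech', 'findings'} for a run of slapd SASL log lines."""
    uid = mech = None
    findings = []
    for line in lines:
        m = SASL_NAME.search(line)
        if m and uid is None:
            uid, mech = m.group("uid"), m.group("mech")
        for pattern, explanation in SASL_RULES:
            m = pattern.search(line)
            if m:
                findings.append(explanation.format(**m.groupdict()))
    if uid and findings and findings[0].startswith("no authz-regexp"):
        # Assumed layout: people live under ou=people,<suffix>.
        findings.append(
            "suggested slapd.conf mapping (suffix assumed): "
            f'authz-regexp "uid=([^,]*),cn={mech},cn=auth" "uid=$1,ou=people,{suffix}"')
    return {"uid": uid, "mech": mech, "findings": findings}


SAMPLE_LDAP_CONF = """\
# constructed: the client config the thread suggests
BASE dc=example,dc=com
URI ldaps://desk.example.com
TLS_REQCERT allow
"""

SAMPLE_SLAPD_LOG = [  # constructed to mirror the lines quoted in the message
    "Sep  5 10:27:39 desk slapd[3973]: <<< dnNormalize: <uid=vince,cn=digest-md5,cn=auth>",
    "Sep  5 10:27:39 desk slapd[3973]: ==>slap_sasl2dn: converting SASL name uid=vince,cn=digest-md5,cn=auth to a DN",
    "Sep  5 10:27:39 desk slapd[3973]: <==slap_sasl2dn: Converted SASL name to <nothing>",
    "Sep  5 10:27:39 desk slapd[3973]: SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory",
    "Sep  5 10:27:39 desk last message repeated 2 times",
    "Sep  5 10:27:39 desk slapd[3973]: SASL [conn=0] Failure: no secret in database",
]

if __name__ == "__main__":
    for f in audit_ldap_conf(SAMPLE_LDAP_CONF):
        print("ldap.conf:", f)
    report = triage_slapd_log(SAMPLE_SLAPD_LOG)
    print(f"slapd: {report['mech']} bind as uid={report['uid']}")
    for f in report["findings"]:
        print("  -", f)
```

Two caveats go with this. Once the mapping exists, slapd's own SASL password lookup needs the mapped entry's userPassword in cleartext for DIGEST-MD5 (the challenge-response scheme cannot work from a hashed value), so decide whether that trade-off is acceptable before choosing that mechanism over a simple bind over TLS. And item 9 above (chown ldap:ldap on the .pem files) is right as far as it goes, but the private key should be readable by the slapd user only, with no group or world read bits.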
More information about the colug432
mailing list