LDAP Client Configuration
I have set up LDAP client authentication on RHEL 6.
The command
Code:
#ldapsearch -x -b "dc=example,dc=com"
But the command
Code:
#getent passwd ldapuser1
Did you configure the system authentication resources correctly using 'authconfig-tui'?
Can you post the content of '/etc/openldap/ldap.conf' and '/etc/nsswitch.conf'?
With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error: TLS error -5932 encountered end of file
Did you configure your LDAP to use TLS?
Which LDAP is this? OpenLDAP? Sun Directory Server? 389-ds?
I'm using OpenLDAP and using TLS.
Can you post the content of "/etc/openldap/slapd.conf"?
There is an ldap.conf file and its contents are
Code:
TLS_CACERTDIR /etc/openldap/cacerts
Anyone, any help?
With command #ldapsearch -x -ZZ "dc=example,dc=com", I am getting this error:
ldap_start_tls: connect error (-11) addition info: TLS error -5932 encountered end of file
Putting that error into Google pulls up lots. Did you try there? Also some links on this site too:
https://www.linuxquestions.org/quest...r-11-a-497888/
http://www.openldap.org/lists/openld.../msg00060.html
http://stackoverflow.com/questions/2...t-error-in-php
http://osdir.com/ml/ldap.umich/2007-03/msg00098.html
The error points to TLS not being set up correctly, or a bad certificate/hostname.
Has anyone figured this out?
I am having exactly the same error using RHEL 6.3 and OpenDJ 2.4.5. Red Hat support has been no help. All of my RHEL 5 LDAP clients have no trouble at all connecting either in the clear, using StartTLS, or using LDAPS. On RHEL 6, id, getent, and ldapsearch all give errors when attempting to connect using StartTLS or LDAPS. The only way I've found to get RHEL 6 to play even sort-of nice with OpenDJ/LDAP is to use the option "ldap_auth_disable_tls_never_use_in_production = TRUE" in /etc/sssd/sssd.conf, which (thank god) won't allow a change to a password since it's not an encrypted channel. The OpenDJ server gives a log message about "no cipher suites in common", which isn't very helpful, as that seems to be the "default" message when something goes wrong with SSL negotiation. I know my certificates are good, since they work for all the RHEL 5 clients. I also know that StartTLS works on the LDAP server, since all the RHEL 5 clients can do that successfully as well. Any thoughts, anyone?
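The three files the thread keeps coming back to (ldap.conf, sssd.conf, nsswitch.conf) can be linted offline before anyone touches the server. This is an added example, not code from the thread or from Red Hat; the file contents are constructed to mirror the posts above (the sssd.conf with the "never use in production" workaround beside a corrected one that points SSSD at the CA directory), and the option names are the real OpenLDAP and SSSD keys.

```python
import configparser

# Constructed samples, not copied from any real host.
LDAP_CONF = "URI ldaps://ldap.example.com\nBASE dc=example,dc=com\nTLS_CACERTDIR /etc/openldap/cacerts\n"
SSSD_CONF_WORKAROUND = """[sssd]
services = nss, pam
domains = default
[domain/default]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_auth_disable_tls_never_use_in_production = TRUE
"""
SSSD_CONF_FIXED = SSSD_CONF_WORKAROUND.replace(
    "ldap_auth_disable_tls_never_use_in_production = TRUE",
    "ldap_tls_cacertdir = /etc/openldap/cacerts\nldap_tls_reqcert = demand")
NSSWITCH_OK = "passwd: files sss\ngroup: files sss\n"

def parse_ldap_conf(text):
    """ldap.conf is 'KEY value' per line; keys are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            opts[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return opts

def audit(ldap_conf, sssd_conf, nsswitch):
    """Return a list of findings that explain a failing TLS handshake or an empty getent."""
    findings = []
    ldap = parse_ldap_conf(ldap_conf)
    if "TLS_CACERT" not in ldap and "TLS_CACERTDIR" not in ldap:
        findings.append("ldap.conf: no TLS_CACERT/TLS_CACERTDIR, ldapsearch -ZZ cannot verify the server")
    if ldap.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("ldap.conf: TLS_REQCERT disables server certificate verification")
    cp = configparser.ConfigParser()
    cp.read_string(sssd_conf)
    for sect in (s for s in cp.sections() if s.startswith("domain/")):
        if cp.get(sect, "ldap_auth_disable_tls_never_use_in_production", fallback="false").lower() == "true":
            findings.append(f"sssd.conf [{sect}]: TLS disabled for auth, passwords would cross the wire in clear")
        if not (cp.has_option(sect, "ldap_tls_cacert") or cp.has_option(sect, "ldap_tls_cacertdir")):
            findings.append(f"sssd.conf [{sect}]: no ldap_tls_cacert/ldap_tls_cacertdir, SSSD has no trust anchor")
    for line in nsswitch.splitlines():
        if line.startswith("passwd:") and not any(src in line for src in ("sss", "ldap")):
            findings.append("nsswitch.conf: passwd does not consult sss/ldap, getent will never list LDAP users")
    return findings

if __name__ == "__main__":
    for f in audit(LDAP_CONF, SSSD_CONF_WORKAROUND, NSSWITCH_OK):
        print(f)
```

Run against the workaround configuration it reports the disabled TLS and the missing trust anchor; against the corrected sssd.conf it reports nothing.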