Ldap ssl on Debian Squeeze
Hi,
I'm trying to configure an OpenLDAP server and client with SSL authentication on the Debian Squeeze distribution.
On the server (tmpldap.myservers.com) I installed OpenLDAP with SSL enabled, a certification authority and certificates.
/etc/slapd.conf file
TLSVerifyClient try
TLSCipherSuite normal
TLSCACertificateFile /etc/ldap/certs/cacert.pem
TLSCertificateKeyFile /etc/ldap/certs/tmpldap.myservers.com.key
TLSCertificateFile /etc/ldap/certs/tmpldap.myservers.com.crt
On the client (tmpsamba.myservers.com) I installed the libnss-ldapd and libpam-ldapd packages as indicated in various Debian Squeeze howtos.
/etc/nslcd.conf file
# SSL options
ssl on
tls_reqcert try
tls_cacertfile /etc/smbldap-tools/certs/cacert.pem
tls_cert /etc/smbldap-tools/certs/tmpsamba.myservers.com.crt
/etc/ldap/ldap.conf file
TLS_REQCERT try
TLS_CACERT /etc/smbldap-tools/certs/cacert.pem
The following command returns "Verify return code: 0 (ok)", so the certificate is OK.
openssl s_client -connect tmpldap.myservers.com:636 -showcerts -state -CAfile /etc/smbldap-tools/certs/cacert.pem
On the client I can use ldapsearch -x and all smbtools (also configured with SSL authentication).
I started nslcd -d.
Launching "getent passwd" gives the following result:
nslcd: [8b4567] failed to bind to LDAP server ldaps://tmpldap.myservers.com: Can not contact LDAP server: Permission denied
nslcd: [8b4567] DEBUG: ldap_unbind()
nslcd: [8b4567] No LDAP servers found available
ldapsearch works correctly, even smbldap-tools. The certificates are correct! What is wrong?
Why can't nslcd connect?
Thank you!
Last edited by Pex; 11-08-2011 at 11:08 AM.
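A diagnostic for the symptom in this post, added here as an example and not taken from the thread: it checks whether the account nslcd runs as can reach the TLS files named in nslcd.conf, and flags a tls_cert without a tls_key. That this is behind the "Permission denied" is an assumption the thread does not confirm; the uid and group ids are supplied by the caller.

```python
import os

# File-path lines from the nslcd.conf posted above.
SAMPLE_CONF = """\
# SSL options
tls_cacertfile /etc/smbldap-tools/certs/cacert.pem
tls_cert /etc/smbldap-tools/certs/tmpsamba.myservers.com.crt
"""
TLS_FILE_KEYS = ("tls_cacertfile", "tls_cert", "tls_key")

def parse_nslcd_conf(text):
    """Return {option: value}, skipping blank lines and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            opts[key.lower()] = value.strip()
    return opts

def mode_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """Unix mode-bit check (ACLs ignored): want is 4 for read, 1 for traverse."""
    if uid == 0:
        return True
    shift = 6 if uid == owner_uid else 3 if owner_gid in gids else 0
    return (mode >> shift) & want == want

def blocked_at(path, uid, gids):
    """First component of path the account cannot traverse or read, else None."""
    parts = os.path.abspath(path).split(os.sep)
    for i in range(1, len(parts) + 1):
        cur = os.sep.join(parts[:i]) or os.sep
        try:
            st = os.stat(cur)
        except OSError:
            return cur  # missing, or the user running this check cannot stat it
        want = 4 if i == len(parts) else 1
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, want):
            return cur
    return None

def audit(conf_text, uid, gids):
    """List TLS files from nslcd.conf that the given account cannot reach."""
    opts = parse_nslcd_conf(conf_text)
    findings = [f"{k}: blocked at {b}" for k in TLS_FILE_KEYS
                if k in opts and (b := blocked_at(opts[k], uid, gids))]
    if "tls_cert" in opts and "tls_key" not in opts:
        findings.append("tls_cert is set but tls_key is not")
    return findings
```

Run audit() as root on the client against the contents of /etc/nslcd.conf, passing the numeric uid and group ids of the nslcd service account.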