[nssldap] Using tls_cert/key without rootbinddn
- From: Iain Morgan <imorgan [at] nas.nasa.gov>
- To: nssldap [at] padl.com
- Subject: [nssldap] Using tls_cert/key without rootbinddn
- Date: Wed, 21 Feb 2007 11:19:38 -0800 (PST)
Hello,

I'm attempting to configure nss_ldap/pam_ldap to use a client SSL cert
when binding to Sun's Directory Server. The intent is to avoid using
rootbinddn and binddn altogether.

While I can successfully bind to the server using the client cert, the
client immediately attempts to rebind using simple authentication:

[21/Feb/2007:10:45:03 -0800] conn=3829 op=-1 msgId=-1 - fd=17 slot=17
LDAPS connection from 10.2.9.13:31250 to 10.2.9.209
[21/Feb/2007:10:45:03 -0800] conn=3829 op=-1 msgId=-1 - SSL 56-bit
RC4-56; client CN=HEC Proxy,OU=Proxy,O=NASA Advanced Supercomputing
Division; issuer CN=Temporary CA,O=NASA Advanced Supercomputing
Division
[21/Feb/2007:10:45:03 -0800] conn=3829 op=-1 msgId=-1 - SSL client bound
as cn=HEC Proxy,ou=Proxy,dc=nas,dc=nasa,dc=gov
[21/Feb/2007:10:45:03 -0800] conn=3829 op=0 msgId=1 - BIND dn=""
method=128 version=3
[21/Feb/2007:10:45:03 -0800] conn=3829 op=0 msgId=1 - RESULT err=0
tag=97 nentries=0 etime=0 dn=""

The /etc/ldap.conf is simply:

uri ldaps://linux09.nas.nasa.gov
base dc=nas,dc=nasa,dc=gov
ldap_version 3
pam_password clear
ssl on
tls_cert /etc/ssl/private/HEC_client.pem
tls_key /etc/ssl/private/HEC_client.key

Is there any way to avoid this apparent rebinding?

Thanks
--
Iain Morgan
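
An added example, not part of the original post: a Python check that scans a Directory Server access log in the format quoted above for connections where an "SSL client bound as" record is followed by a simple BIND (method=128), so the certificate-derived identity no longer applies to later operations. The log records are constructed (unwrapped to one per line, placeholder addresses and DNs) and the function name is hypothetical.

```python
import re

# Constructed sample records in the access-log format quoted in the post,
# unwrapped to one record per line; addresses and DNs are placeholders.
SAMPLE_LOG = """\
[21/Feb/2007:10:45:03 -0800] conn=101 op=-1 msgId=-1 - fd=17 slot=17 LDAPS connection from 192.0.2.13:31250 to 192.0.2.209
[21/Feb/2007:10:45:03 -0800] conn=101 op=-1 msgId=-1 - SSL client bound as cn=Example Proxy,ou=Proxy,dc=example,dc=com
[21/Feb/2007:10:45:03 -0800] conn=101 op=0 msgId=1 - BIND dn="" method=128 version=3
[21/Feb/2007:10:45:03 -0800] conn=101 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[21/Feb/2007:10:45:09 -0800] conn=102 op=-1 msgId=-1 - SSL client bound as cn=Example Proxy,ou=Proxy,dc=example,dc=com
[21/Feb/2007:10:45:09 -0800] conn=102 op=0 msgId=1 - SRCH base="dc=example,dc=com" scope=2 filter="(uid=alice)"
[21/Feb/2007:10:45:12 -0800] conn=103 op=0 msgId=1 - BIND dn="" method=128 version=3
"""

# Timestamp, connection id, then the event text after " - ".
RECORD = re.compile(r'^\[[^\]]+\] conn=(\d+) op=-?\d+ msgId=-?\d+ - (.*)$')
CERT_BOUND = re.compile(r'^SSL client bound as (.+)$')
BIND = re.compile(r'^BIND dn="([^"]*)" method=(\S+)')


def find_cert_identity_rebinds(log_text):
    """Report connections where a simple BIND follows a certificate bind."""
    cert_dn = {}      # conn id -> DN the server mapped the client cert to
    findings = []
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue
        conn, event = int(rec.group(1)), rec.group(2)
        bound = CERT_BOUND.match(event)
        if bound:
            cert_dn[conn] = bound.group(1)
            continue
        bind = BIND.match(event)
        # method=128 is a simple bind; an empty DN makes it anonymous.
        if bind and bind.group(2) == "128" and conn in cert_dn:
            findings.append({
                "conn": conn,
                "cert_dn": cert_dn[conn],
                "rebind_dn": bind.group(1),
                "anonymous": bind.group(1) == "",
            })
    return findings


if __name__ == "__main__":
    for finding in find_cert_identity_rebinds(SAMPLE_LOG):
        print(finding)
```

Connections that never presented a client certificate (conn=103 in the sample) are ignored, so the output lists only sessions whose certificate identity was overridden.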