
Re: [nssldap] ldapsearch works - nss_ldap does not - but only when tls/ssl is enabled

Ubuntu uses nss_ldap.conf but I have symlinked to ldap.conf to reduce
duplication.

Indeed that is an openldap configuration - but I was under the
impression that unknown lines would be skipped? You'll notice I also
have the nss_ldap line of tls_cacertfile.

Ah yes, my apologies on that one - as mentioned it doesn't hang as
ldap:// (i.e. unencrypted) and I copy/pasted my working configuration -
for the hanging one merely change ldap:// to ldaps://



On Wed, 2007-05-16 at 13:05 -0300, Andreas Hasenack wrote:
> On Wed, May 16, 2007 at 01:22:09PM +0100, James Hogarth wrote:
> > ldapsearch query:  
> > 
> > ldapsearch -Hldaps://<domain controller> -x -W -b "<ldap base>" -s sub
> > -D <bind dn> -LLL "(&(objectCategory=user)(uidnumber=*))" cn
> > unixHomeDirectory member uidnumber gidnumber
> > 
> > ldap.conf:
> 
> Be careful, there are many "ldap.conf" out there. nss_ldap uses
> /etc/ldap.conf by default: debian (ubuntu) may do otherwise.
> 
> > TLS_CACERT /etc/ssl/certs/AD_CA_CERT.pem
> 
> This is not recognized by nss_ldap nor pam_ldap. Seems an option to
> openldap's ldap.conf.
> 
> > tls_cacertfile /etc/ssl/certs/AD_CA_CERT.pem
> > uri ldap://<domain controller>
> 
> try ldaps:// here
> 
> > ldap_version 3
> > base <base>
> > rootbinddn <bind dn>
> > scope sub
> > referrals no
> > nss_base_passwd <base>?sub?&(objectCategory=user)(uidnumber=*)
> > nss_base_shadow <base>?sub?&(objectCategory=user)(uidnumber=*)
> > nss_base_group <base>?sub?&(objectCategory=group)(gidnumber=*)
> > nss_map_objectclass posixAccount user
> > nss_map_objectclass shadowAccount user
> > nss_map_objectclass posixGroup group
> > nss_map_attribute gecos cn
> > nss_map_attribute homeDirectory unixHomeDirectory
> > nss_map_attribute uniqueMember member
>
Sent by James Hogarth on Fri 18/May/2007 at 09:37:51
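The thread's failure mode is a config file that mixes OpenLDAP client directives (TLS_CACERT) with nss_ldap ones (tls_cacertfile) and then switches the uri to ldaps://. The following is an added example, not code from the list or from nss_ldap: a small lint function that checks such a file for the TLS settings nss_ldap actually needs before ldaps:// can work. The hostname in the constructed sample is a placeholder.

```shell
#!/bin/sh
# check_nss_ldap_conf FILE -> prints findings; returns 0 if clean, 1 if a TLS
# setting needed for ldaps:// is missing or unusable. Directive names are
# matched case-insensitively here; "uri" and "tls_cacertfile" are the nss_ldap
# names used in the thread.
check_nss_ldap_conf() {
    conf=$1
    status=0
    uri=$(awk 'tolower($1) == "uri" { print $2; exit }' "$conf")
    cacert=$(awk 'tolower($1) == "tls_cacertfile" { print $2; exit }' "$conf")
    # Uppercase TLS_* lines are OpenLDAP client (ldap.conf) directives; nss_ldap
    # and pam_ldap do not recognise them, so they give no protection here.
    if grep -qE '^[[:space:]]*TLS_[A-Z_]+' "$conf"; then
        echo "note: OpenLDAP-only TLS_* directive present; nss_ldap ignores it"
    fi
    case $uri in
        ldaps://*)
            if [ -z "$cacert" ]; then
                echo "error: uri is ldaps:// but tls_cacertfile is not set"
                status=1
            elif [ ! -r "$cacert" ]; then
                echo "error: tls_cacertfile '$cacert' is not readable"
                status=1
            fi
            ;;
        ldap://*)
            echo "warning: uri is plain ldap://; bind credentials and lookups travel unencrypted"
            ;;
        "")
            echo "error: no uri directive found"
            status=1
            ;;
    esac
    return $status
}

# Constructed sample mirroring the thread's file: the OpenLDAP TLS_CACERT line
# next to the nss_ldap tls_cacertfile line, with uri switched to ldaps://.
write_sample_conf() {
    cat > "$1" <<'EOF'
TLS_CACERT /etc/ssl/certs/AD_CA_CERT.pem
tls_cacertfile /etc/ssl/certs/AD_CA_CERT.pem
uri ldaps://dc.example.invalid
ldap_version 3
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_nss_ldap_conf "$sample" || echo "fix the findings above before ldaps:// will work"
rm -f "$sample"
```

If the CA file is present and readable and the uri is ldaps://, the function returns 0 and only the note about the ignored OpenLDAP directive remains.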