Re: [nssldap] ldapsearch works - nss_ldap does not - but only when tls/ssl is enabled
- From: Buchan Milne <bgmilne [at] mandriva.org>
- To: "James Hogarth" <jhogarth [at] odls.com>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] ldapsearch works - nss_ldap does not - but only when tls/ssl is enabled
- Date: Fri, 18 May 2007 12:53:31 +0200
On Friday, 18 May 2007, James Hogarth wrote:
> Ubuntu uses nss_ldap.conf but I have symlinked to ldap.conf to reduce
> duplication.
Please be very specific here. You can create a /etc/ldap.conf, and
symlink /etc/pam_ldap and /etc/libnss_ldap.conf to that. But, do not create a
link to /etc/ldap/ldap.conf (the OpenLDAP library configuration file).
> Indeed that is an openldap configuration - but I was under the
> impression that unknown lines would be skipped?
Experience shows you should avoid mixing the directives for nss_ldap/pam_ldap
and the OpenLDAP library in the same file.
> You'll notice I also
> have the nss_ldap line of tls_cacertfile.
It would be useful if you could provide the /etc/ldap/ldap.conf, or the output
from 'strace -e open getent passwd' to confirm which files are being used.
I note that recent versions of nss_ldap will hang if the CA cert is not
available; there may be other conditions as well (I have not tested them
all).
Please also confirm whether the <domain controller> placeholder you've given
matches the subject CN on the certificate issued to the ldap server (which
must match, or certificate validation fails).
Finally, you may also want to set:
bind_policy soft
in the nss_ldap ldap.conf
Regards,
Buchan
--
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
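
One way to check two points raised in the reply above (whether a file mixes OpenLDAP-library directives with nss_ldap/pam_ldap directives, and whether it resolves to /etc/ldap/ldap.conf), as an added example that is not part of the original post. The function names and the short, non-exhaustive directive lists are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The directive lists are a small,
# non-exhaustive sample; extend them for the versions you actually run.
# Usage: sh check_ldap_conf.sh /etc/ldap.conf /etc/libnss_ldap.conf

# Print "openldap", "nss_ldap", "mixed" or "neither" for the file in $1.
classify_ldap_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            key = tolower($1)
            # Read by the OpenLDAP client library (ldap.conf(5))
            if (key == "tls_cacert" || key == "tls_reqcert") lib = 1
            # Read by nss_ldap / pam_ldap
            if (key == "tls_cacertfile" || key == "tls_checkpeer" ||
                key == "bind_policy" || key ~ /^(nss|pam)_/) nss = 1
        }
        END {
            if (lib && nss) print "mixed"
            else if (lib)   print "openldap"
            else if (nss)   print "nss_ldap"
            else            print "neither"
        }
    ' "$1"
}

# Succeed if $1 resolves (through symlinks) to the OpenLDAP library file.
# $2 overrides the library path; the default is the path named in the post.
points_at_openldap_conf() {
    target=${2:-/etc/ldap/ldap.conf}
    [ -e "$1" ] && [ -e "$target" ] &&
        [ "$(readlink -f "$1")" = "$(readlink -f "$target")" ]
}

# Report on every file given on the command line (no arguments: no output).
for f in "$@"; do
    printf '%s: %s' "$f" "$(classify_ldap_conf "$f")"
    if points_at_openldap_conf "$f"; then
        printf ' (resolves to /etc/ldap/ldap.conf)'
    fi
    printf '\n'
done
```

A result of "mixed", or a file that resolves to /etc/ldap/ldap.conf, points to the setup the reply advises against.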