Re: [nssldap] Possible bug in nss_ldap v253 using SSL ?
- From: "Joshua M. Miller" <joshua [at] itsecureadmin.com>
- To: Christopher Smith <csmith [at] nighthawkrad.net>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] Possible bug in nss_ldap v253 using SSL ?
- Date: Tue, 08 May 2007 06:16:32 -0700
Isn't the host directive deprecated in favor of URI anyway?
Thanks,
--
Joshua M. Miller - RHCE,VCP
Christopher Smith wrote:
This is happening on a new CentOS 5 machine, with the "nss_ldap-253-3"
package. In summary, it appears nss_ldap is both not automatically
using the correct port when configured with 'ssl on' *AND* ignoring the
'port' directive in /etc/ldap.conf when it is specified directly.
If I try 'getent passwd' with:
    host pdc01.nighthawkrad.net
    ssl on
It doesn't work. Further, tcpdump shows the machine trying to contact
my AD server on port 389 - LDAP w/o SSL.
(This configuration works fine with CentOS 4.4 and its
"nss_ldap-226-17", I have several machines using it.)
If I try 'getent passwd' with:
    host pdc01.nighthawkrad.net
    ssl on
    port 636
It still doesn't work and tcpdump also shows the machine trying to
contact the AD server via port 389.
Finally, if I try 'getent passwd' with:
    uri ldaps://an.ad.server/
    ssl on
It works as expected (i.e.: I get a list of user account details). Tcpdump
shows port 636 being used, as it should be.
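
A configuration check for the pattern reported in this thread, added here as an example (not code from the thread or from nss_ldap): it flags an ldap.conf that pairs `host` with `ssl on` instead of an `ldaps://` URI, the combination reported above as connecting on port 389. The function and rule names are hypothetical, and treating a missing `ssl` line as off is an assumption.

```python
# Added example: lint ldap.conf text for the settings discussed in this thread.
# audit_ldap_conf and the rule names are hypothetical, not part of nss_ldap.

def audit_ldap_conf(text):
    """Return a list of (rule, detail) findings for one ldap.conf body."""
    uris, hosts, port = [], [], None
    ssl = "off"  # assumption: no 'ssl' directive means no TLS is requested
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        if key == "uri":
            uris += val.split()      # several URIs may share one line
        elif key == "host":
            hosts += val.split()
        elif key == "port":
            port = val
        elif key == "ssl":
            ssl = val.lower()

    findings = []
    if uris:
        for u in uris:
            # Policy check: every URI is ldaps:// unless StartTLS is requested.
            if not u.lower().startswith("ldaps://") and ssl != "start_tls":
                findings.append(("uri-not-ldaps", u))
    elif hosts:
        if ssl == "on":
            # Pattern from the thread: port 389 seen on the wire despite
            # 'ssl on', with or without 'port 636'.
            findings.append(("host-with-ssl-on", f"hosts={hosts} port={port}"))
        elif ssl != "start_tls":
            findings.append(("host-cleartext", f"hosts={hosts} port={port}"))
    return findings

# The three configurations quoted in the thread.
THREAD_CASES = {
    "host, ssl on": "host pdc01.nighthawkrad.net\nssl on\n",
    "host, ssl on, port 636": "host pdc01.nighthawkrad.net\nssl on\nport 636\n",
    "uri ldaps, ssl on": "uri ldaps://an.ad.server/\nssl on\n",
}

if __name__ == "__main__":
    for name, conf in THREAD_CASES.items():
        print(name, "->", audit_ldap_conf(conf) or "ok")
```

A finding here is a prompt to confirm the port actually used on the wire, as was done with tcpdump above.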