Hi!

I can make ldap authentication work using LDAPS in CentOS 6. On CentOS 5, I just simply set tls_checkpeer no in /etc/ldap.conf and it works!

I tried all of
/etc/nslcd.conf
/etc/pam_ldap.conf
/etc/openldap/ldap.conf

It's really confusing on CentOS 6. Why so many files????

CentOS 5
LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://xxxx
(works!)

CentOS 6
LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://xxxx
(Can't connect to LDAP Server ...)

I've been reading that there is a bug but I'm not understanding if there is a workaround for this ...

Any ideas????

--
---------------------------------------------------------
Ezequiel Larrarte.
" ... God Always Takes The Simplest Way! ... "
I think it's better checking it one by one.

1. Check where it gets stuck: arp/ip/tcp. There is going to be a layer that takes the responsibility.
2. Check if the ldaps works fine from CentOS 6 to the server: tcpdump
3. Decrypt the traffic to see if the protocol goes well: ssldump

------------
Banyan He
Blog: http://www.rootong.com
Email: banyan at rootong.com

On 2012-10-27 4:08 AM, Ezequiel Larrarte wrote:
> Hi!
>
> I can make ldap authentication work using LDAPS in CentOS 6. On
> CentOS 5, I just simply set tls_checkpeer no in /etc/ldap.conf and it
> works!
>
> I tried all of
> /etc/nslcd.conf
> /etc/pam_ldap.conf
> /etc/openldap/ldap.conf
>
> It's really confusing on CentOS 6. Why so many files????
>
> CentOS 5
> LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://xxxx
> (works!)
>
> CentOS 6
> LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://xxxx
> (Can't connect to LDAP Server ...)
>
> I've been reading that there is a bug but I'm not understanding if
> there is a workaround for this ...
>
> Any ideas????
On 10/26/2012 01:08 PM, Ezequiel Larrarte wrote:
> I tried all of
> /etc/nslcd.conf
> /etc/pam_ldap.conf
> /etc/openldap/ldap.conf

Don't use nss-pam-ldapd and pam_ldap. Remove the packages entirely and install sssd. You'll still use authconfig to configure LDAP integration, but you'll get a stack that's better maintained and documented.

See "man sssd-ldap" for ldap_tls_reqcert. Or, better, install the CA that signed your LDAP cert and refer to that with ldap_tls_cacert or ldap_tls_cacertdir.
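The sssd-based setup the reply above recommends, written out as an added example (this is not configuration from anyone in the thread). The domain name, server hostname, search base and CA bundle path are placeholders; the option names are the ones documented in sssd.conf(5) and sssd-ldap(5).

```ini
; /etc/sssd/sssd.conf (constructed example; mode 0600, owned by root)
[sssd]
config_file_version = 2
services = nss, pam
domains = EXAMPLE

[domain/EXAMPLE]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.invalid
ldap_search_base = dc=example,dc=invalid

; --- Weak workaround: equivalent of the old "tls_checkpeer no" /
; LDAPTLS_REQCERT=never. It makes the connection succeed but sssd no
; longer verifies who it is talking to, so the LDAPS session can be
; intercepted. Use only to confirm the failure is certificate-related.
; ldap_tls_reqcert = never

; --- Recommended: verify the server certificate against the CA that
; signed it. "demand" (the default) refuses the session if the
; certificate is missing or does not validate. Point ldap_tls_cacert
; at that CA's PEM file, or ldap_tls_cacertdir at a hashed CA
; directory, whichever you maintain.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/example-ca.pem
```

After editing, restart sssd and confirm the certificate chain itself is good from the client before blaming sssd, e.g. `LDAPTLS_CACERT=/etc/openldap/cacerts/example-ca.pem ldapsearch -x -H ldaps://ldap.example.invalid -b "" -s base` should succeed without REQCERT=never.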