Puppet users - Mar 2009 - LDAP Nodes, Solaris Puppetmaster and SSL/TLS

Does anyone have a puppetmaster working on Solaris that uses LDAP  
nodes and connects to the ldap server using SSL or TLS? I have tried  
everything to make it happen but cant seem to find the magical  
combination, if there is one, to get ruby-ldap compiled so that it  
works with TLS or SSL.

Chris

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On 2009-Mar-23, at 4:48 PM, Christopher Webber wrote:
> Does anyone have a puppetmaster working on Solaris that uses LDAP
> nodes and connects to the ldap server using SSL or TLS? I have tried
> everything to make it happen but cant seem to find the magical
> combination, if there is one, to get ruby-ldap compiled so that it
> works with TLS or SSL.

I''ve never tried what you''re doing, but I''ve dealt
with my share of
Solaris/LDAP/SSL problems, so I''ll try to help.

I take it ldapsearch, etc. are working with SSL/TLS? Are you using  
OpenLDAP or Sun''s LDAP?

-- 
Rob McBroom
<http://www.skurfer.com/>

Because it screws up the order in which people normally read text.

Original message:
> Why is it bad to top-post your reply?



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

I am using OpenLDAP on both ends. ldapsearch works with both start_tls  
and via ssl. It seems that the issue is directly related to the ruby- 
ldap libraries.

Chris

On Mar 25, 2009, at 1:54 PM, Rob McBroom wrote:
>
> On 2009-Mar-23, at 4:48 PM, Christopher Webber wrote:
>
>> Does anyone have a puppetmaster working on Solaris that uses LDAP
>> nodes and connects to the ldap server using SSL or TLS? I have tried
>> everything to make it happen but cant seem to find the magical
>> combination, if there is one, to get ruby-ldap compiled so that it
>> works with TLS or SSL.
>
>
> I''ve never tried what you''re doing, but I''ve
dealt with my share of
> Solaris/LDAP/SSL problems, so I''ll try to help.
>
> I take it ldapsearch, etc. are working with SSL/TLS? Are you using
> OpenLDAP or Sun''s LDAP?
>
> -- 
> Rob McBroom
> <http://www.skurfer.com/>
>
> Because it screws up the order in which people normally read text.
>
> Original message:
>
>> Why is it bad to top-post your reply?
>
>
>
>
> >

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On 2009-Mar-25, at 5:46 PM, Christopher Webber wrote:
> I am using OpenLDAP on both ends. ldapsearch works with both  
> start_tls and via ssl. It seems that the issue is directly related  
> to the ruby-ldap libraries.

Probably a stupid question, but when you built ruby-ldap, did you  
specifically tell it where to find OpenLDAP to make sure it didn''t  
pick up the Sun stuff?

I''ve never done it with Ruby, but PHP has a `--with-ldap=/path` option.

Also, I know not everything will use ldap.conf or ~/.ldaprc. To use  
LDAP in Python, you have to specify all those options again, so maybe  
the URI, BASEDN, and TLS_* settings aren''t being picked up by Ruby?

-- 
Rob McBroom
<http://www.skurfer.com/>





--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---