search for: cacertdir_rehash

...eshadow --passalgo=sha512 --enablefingerprint --enableldap --enableldapauth --ldapserver=ldap.ourcompany.com --ldapbasedn=dc=ourcompany,dc=com --enablecache --enableldaptls then, in %post: curl http://www.ourcompany.com/ca/ca.crt \ -s -o /etc/openldap/cacerts/ca.ourcompany.com.pem /usr/sbin/cacertdir_rehash /etc/openldap/cacerts And that did the trick. The main difference is that you install a bundle of certifcates rather than a single one. There are two issues: 1. Hashing a certificate bundle does no good as far as I know. Hashes only work on a single cert, right? 2. Unless told otherwise,...

Hi, I'm planing to setup a new samba fileserver as a member to an existing samba 3.x SMB. The old server is still nss-pam-ldapd configured (historic left overs). As I dont have any pressure to have the new server up and running within the next few hours, I liked to set up sssd with our existing openldap. After googling and reading some documentations from redhat/fedora I think I do have a

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

> Here are the changes I'd review: > > ?1. After installing the CA cert, did you create a hash link? E.g., > > ? ? /usr/sbin/cacertdir_rehash /etc/openldap/cacerts > > ?2. Make sure you know the difference between /etc/ldap.conf and > ? ? /etc/openldap/ldap.conf. The former is used by nss_ldap, the > ? ? latter by openldap clients. > > ?3. Does /etc/ldap.conf have all the correct TLS entries, e.g., > > ? ? ssl sta...

Hello, I'm trying to set up a centos 5.3 machine to do authentication via openldap. I've got it working, I'm not sure if I have it 100% right, but I can use ldapsearch to query the directory, use finger, id, chown, and other utilities with ldap usernames and groups, log in via ssh as an ldap user and if it's a new user automatically have the home directory created. Having got this

Hello, I have a central repository of users/groups based on OpenLDAP which is working on a remote LAN (servers share users credentials and mount their home directories via NFS). They use non-encrypted ldap restricted to the local network. Now, I have a few servers in our local office and I would like them to authenticate from the remote LDAP server using encryption via ldaps://. (at this stage,