search for: tls_cacertdir

Displaying 20 results from an estimated 47 matches for "tls_cacertdir".

2014 Jan 19
1
sudo (+ldap+kerberos) not accepting password
...=================== uri ldap://idir1.internal.domain.com/ ldap://idir2.internal.domain.com/ ldap_version 3 sudoers_base ou=SUDOers,dc=domain,dc=com binddn (anonymous) bindpw (anonymous) bind_timelimit 120000 timelimit 120 ssl start_tls tls_cacertdir /etc/openldap/cacerts =================== sudo: ldap_initialize(ld, ldap://idir1.internal.domain.com/ ldap://idir2.internal.domain.com/) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_cacertdir -> /etc/openldap/cacerts sudo: ldap_se...
2009 Mar 20
1
pam_ldap and nss_ldap failover
...ide of this configuration on virtual CentOS 5 i386 machine. /etc/ldap.conf reads ----- %< ----- base dc=DOMAIN,dc=com timelimit 30 bind_timelimit 30 idle_timelimit 300 nss_initgroups_ignoreusers root,ldap,named,[... trimmed ...] uri ldap://ldap1.DOMAIN.com ldap://ldap2.DOMAIN.com ssl start_tls tls_cacertdir /etc/openldap/cacerts pam_password md5 ----- %< ----- The client will bind to whichever server is listed first after the 'uri' directive. In the config snippet, it's 'ldap1' -- but it works the other way too. If the first-listed server goes away, the client never seems to...
2010 Oct 13
0
Samba3 3.5 + OpenLDAP very slow transfer
...= true level2 oplocks = true /etc/openldap/ldap.conf # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. HOST 127.0.0.1 BASE dc=capriolobike,dc=com TLS_CACERTDIR /etc/openldap/cacerts /etc/openldap/slapd.conf # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. HOST 127.0.0.1 BASE dc=capriolobike,dc=com TLS_C...
2010 Oct 13
0
Samba 3 + OpenLDAP very slow transfer speed(when multiple small files, probably LDAP problem)
...= true level2 oplocks = true /etc/openldap/ldap.conf # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. HOST 127.0.0.1 BASE dc=capriolobike,dc=com TLS_CACERTDIR /etc/openldap/cacerts /etc/openldap/slapd.conf # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. HOST 127.0.0.1 BASE dc=capriolobike,dc=com TLS_C...
2010 Jan 21
0
Samba/Winbind 3.4.4 on AIX 5.3 TL 10 does not retrieve ANY User's Secondary Groups
...==== uri ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/ ldap_version 3 sudoers_base ou=SUDOers,dc=peps,dc=local binddn <bind user> bindpw <bind user pwd> bind_timelimit 3000 timelimit 3 ssl yes tls_checkpeer (no) tls_cacertdir /etc/openldap/cacerts/ =================== sudo: ldap_initialize(ld, ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option: tls_cacertdir -> /...
2010 Jun 10
1
operation on the client is slow when openldap servers are down
...xxxx,dc=com timelimit 1 bind_timelimit 1 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm uri ldaps://auth1.xa.xxxx.com:636 ldaps://auth2.xa.xxxx.com:636 ssl on tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts tls_cacertfile /etc/openldap/cacerts/cacert.pem pam_password md5 bind_policy soft [root at xxxx ~]# cat /etc/openldap/ldap.conf URI ldaps://auth1.xa.xxxx.com:636 ldaps://aut...
2015 May 11
2
ldap host attribute is ignored
...", "use md5 password", "use shadow > password", "use ldap authentication", "use tls", > "server=ldap://myldapserver.com", "basedn=o=XXX" > > my /etc/openldap/ldap.conf: > BASE o=XXX > URI ldap://myldapserver.com/ > TLS_CACERTDIR /etc/ssl/certs > SASL_NOCANON on > > My /etc/sssd/sssd.conf: > [domain/default] > ldap_uri = ldap://myldapserver.com/ > ldap_search_base = ou=YYY,o=XXX > ldap_schema = rfc2307bis > id_provider = ldap > ldap_user_uuid = entryuuid > ldap_group_uuid = entryuuid > l...
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
...rt_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_fprintd.so auth...
2020 Feb 20
2
dovecot 2 samba ad-dc
...nf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 URI ldaps://ldap1t.test.loc:636 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never #TLS_CACERTDIR /etc/openldap/certs TLS_CACERTDIR /etc/pki/tls/certs/ka # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on TLS_REQCERT never dovecot.conf: [root at mail1t dovecot]# cat dovecot.conf auth_mechanisms = plain login mail_uid = vmail mail_gid = vmail ssl_cert =...
2010 Nov 21
0
LDAP clients fail to connect with SSL enabled
...S_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # SASL mechanism for PAM authentication - use is experimental # at present and does not support password poli...
2013 Feb 15
1
Problem with User and Group Ownership listing
...rt_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_fprintd.so auth...
2004 May 27
3
Samba Ldap tls/ssl problem
...p/server.pem # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" tls_cacertfile /usr/local/etc/openldap/server.pem #tls_cacertdir /etc/ssl/certs I'm very grateful for your answer Peter Nyberg Institutionen för Biokemi och Biofysik (DBB) Sv.Arrhenius vägen 12 106 91 Stockholm Tel: 08-16 24 69 Mobil: 070 339 24 69 Fax 08 153679
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.
2018 Sep 13
1
dovecot + centos 7 + internal ca + hostname change
Not sure if this is dovecot or not but can find very little ie no info around on this ... and added the pem file into /etc/pki/ca-trust/source/anchors and run update-ca-trust .. all works ok .. (this is on centos 7 btw) So wanted to change the hostname away from ip-x-x-x-x to something a little bit more descriptive .. but then kaboom .. doesn't work any more and the following errors are seen.
2008 Jul 26
2
Samba + LDAP integration
..._shadow ou=people,dc=example,dc=org?one nss_base_group ou=groups,dc=example,dc=org?one nss_base_hosts ou=machines,dc=example,dc=org?one nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman uri ldap://server.example.org ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 smbldap.conf ************ sambaDomain="MYDOMAIN" slaveLDAP="127.0.0.1" slavePort="389" masterLDAP="127.0.0.1" masterPort="389" ldapTLS="0" suffix="dc=example,dc=org" usersdn="ou=people...
2007 Jun 07
2
PAM info please
Hello I'm searching infos on using Dovecot with pam_ldap and FreeBSD 6.2 any pointers welcome :-) Thanks -- Frank
2010 Nov 08
0
pam_ldap login under centOS
...f # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example, dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never URI ldap://ldap.acadaca.net/ BASE dc=acadaca,dc=net TLS_CACERTDIR /etc/openldap/cacerts sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net In my openldap logs on the LDAP server there appears to be no activity when I sudo. however in the secure logs on the client I do.. Nov 8 16:05:34 VIRCENT03 su: pam_unix(su-l:session): session opened for user root by bl...
2010 Dec 13
1
Specifying 2 LDAP Server for auth
Hi! We are planning on deploying an ldap master and replica to serve as our new authentication server for our soon to be RedHat cluster. But, we need to be able to function if the master is down for whatever reason. So, I tried to specify 2 servers in the setup-authentification servername section, separated by a comma, but it doesn't seem to work. So, is it possible to specifying 2 ldap
2005 Dec 17
1
LDAP and CA certificates
Hi all, When configuring Samba against an LDAP server, it is possible to configure an SSL connection by using "ldap ssl = on" in the smb.conf file. Is there a way of telling Samba's LDAP code to ensure that the certificate presented by the LDAP server is signed by a specific CA? Regards, Graham --
2007 Nov 05
1
use of pam_filter with LDAP
...'t use the uid attribute to authenticate the users nss_map_attribute uid iufmLogin # Default options port 389 timelimit 120 bind_timelimit 120 idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd uri ldap://127.0.0.1/ ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 - Here the nsswitch.conf file : [...] passwd: files ldap shadow: files ldap group: files ldap [...] - Here the [global] section of the smb.conf (only the ldap options) [global] [...] # Parametres ldap ldap admin dn=c...