From: Albert Chin
To: ports@freebsd.org
Date: Fri, 13 Apr 2007 15:12:40 -0500
Subject: Re: Anyone with pam_ldap/nss_ldap against ldaps working?
Message-ID: <20070413201239.GE57920@mail1.thewrittenword.com>
In-Reply-To: <20070413192326.GC57920@mail1.thewrittenword.com>
References: <20070413192326.GC57920@mail1.thewrittenword.com>
Reply-To: ports@freebsd.org
List-Id: Porting software to FreeBSD

On Fri, Apr 13, 2007 at 02:23:26PM -0500, Albert Chin wrote:
> I have configured the latest pam_ldap/nss_ldap on FreeBSD 6-STABLE.
> I have /usr/local/etc/nss_ldap.conf and /usr/local/etc/ldap.conf
> hard linked.
> Everything works fine with:
>   uri ldap://ldap.il.thewrittenword.com
>   base ou=users,dc=thewrittenword,dc=com
>   ldap_version 3
>   rootbinddn cn=Manager,dc=thewrittenword,dc=com
>   pam_filter objectclass=posixAccount
>   pam_login_attribute uid
>   pam_member_attribute uniquemember
>   pam_min_uid 1000
>   pam_password exop
>   nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
>   nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
>   nss_base_group ou=groups,dc=thewrittenword,dc=com?one
>   timelimit 10
>   bind_timelimit 10
>
> and:
>   uri ldap://ldap.il.thewrittenword.com
>   base ou=users,dc=thewrittenword,dc=com
>   ldap_version 3
>   rootbinddn cn=Manager,dc=thewrittenword,dc=com
>   pam_filter objectclass=posixAccount
>   pam_login_attribute uid
>   pam_member_attribute uniquemember
>   pam_min_uid 1000
>   pam_password exop
>   nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
>   nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
>   nss_base_group ou=groups,dc=thewrittenword,dc=com?one
>   ssl start_tls
>   tls_checkpeer yes
>   tls_cacertfile
>   timelimit 10
>   bind_timelimit 10
>
> But this doesn't work:
>   uri ldaps://ldap.il.thewrittenword.com
>   base ou=users,dc=thewrittenword,dc=com
>   ldap_version 3
>   rootbinddn cn=Manager,dc=thewrittenword,dc=com
>   pam_filter objectclass=posixAccount
>   pam_login_attribute uid
>   pam_member_attribute uniquemember
>   pam_min_uid 1000
>   pam_password exop
>   nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
>   nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
>   nss_base_group ou=groups,dc=thewrittenword,dc=com?one
>   tls_checkpeer yes
>   tls_cacertfile
>   timelimit 10
>   bind_timelimit 10

Ok, found the problem. "ssl on" was required.

-- 
albert chin (china@thewrittenword.com)
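The three stanzas above differ only in their `uri`/`ssl`/`tls_*` lines, and the fix was a single missing keyword. The following is an added example, not code from the thread or from pam_ldap/nss_ldap: a small ldap.conf parser plus a checker that flags an `ldaps://` uri without `ssl on`, a configuration with no TLS at all, and `tls_checkpeer yes` with no CA file or directory to verify against (that last check is my assumption about what peer verification needs, not something the thread tested). The host and CA path are constructed placeholders.

```python
# Constructed sample, modelled on the ldaps:// stanza from the thread
# (hostname and CA path are placeholders, not the poster's values).
LDAPS_CONF_BROKEN = """\
uri ldaps://ldap.example.test
base ou=users,dc=example,dc=test
ldap_version 3
tls_checkpeer yes
tls_cacertfile
timelimit 10
"""
# Same stanza with the thread's fix ("ssl on") and a CA file filled in.
LDAPS_CONF_FIXED = LDAPS_CONF_BROKEN.replace(
    "tls_cacertfile\n", "tls_cacertfile /usr/local/etc/ssl/ca.pem\n") + "ssl on\n"


def parse_ldap_conf(text: str) -> dict:
    """pam_ldap/nss_ldap ldap.conf: one 'keyword value' per line, '#' comments,
    keywords case-insensitive; a later line overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")  # value may be empty (bare keyword)
        conf[key.lower()] = value.strip()
    return conf


def audit_tls(text: str) -> list:
    """Findings for the uri/ssl/tls_* combinations the thread walked through."""
    conf = parse_ldap_conf(text)
    uri, ssl = conf.get("uri", ""), conf.get("ssl", "").lower()
    findings = []
    if uri.startswith("ldaps://") and ssl != "on":
        # The thread's conclusion: an ldaps:// uri alone is not enough.
        findings.append("ldaps:// uri without 'ssl on'")
    if not uri.startswith("ldaps://") and ssl not in ("on", "start_tls"):
        findings.append("no TLS: binds and NSS lookups travel in the clear")
    if conf.get("tls_checkpeer", "").lower() == "yes" and not (
            conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        # Assumption: peer verification needs a CA to check the server against.
        findings.append("tls_checkpeer yes but no tls_cacertfile/tls_cacertdir")
    return findings


if __name__ == "__main__":
    for name, text in (("broken", LDAPS_CONF_BROKEN), ("fixed", LDAPS_CONF_FIXED)):
        print(name, audit_tls(text) or "OK")
```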