Date: Fri, 13 Apr 2007 15:12:40 -0500
From: Albert Chin <freebsd-ports@mlists.thewrittenword.com>
To: ports@freebsd.org
Subject: Re: Anyone with pam_ldap/nss_ldap against ldaps working?
Message-ID: <20070413201239.GE57920@mail1.thewrittenword.com>
In-Reply-To: <20070413192326.GC57920@mail1.thewrittenword.com>
References: <20070413192326.GC57920@mail1.thewrittenword.com>
On Fri, Apr 13, 2007 at 02:23:26PM -0500, Albert Chin wrote:
> I have configured the latest pam_ldap/nss_ldap on FreeBSD 6-STABLE.
> I have /usr/local/etc/nss_ldap.conf and /usr/local/etc/ldap.conf
> hard linked. Everything works fine with:
> uri ldap://ldap.il.thewrittenword.com
> base ou=users,dc=thewrittenword,dc=com
> ldap_version 3
> rootbinddn cn=Manager,dc=thewrittenword,dc=com
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute uniquemember
> pam_min_uid 1000
> pam_password exop
> nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
> nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
> nss_base_group ou=groups,dc=thewrittenword,dc=com?one
> timelimit 10
> bind_timelimit 10
> and:
> uri ldap://ldap.il.thewrittenword.com
> base ou=users,dc=thewrittenword,dc=com
> ldap_version 3
> rootbinddn cn=Manager,dc=thewrittenword,dc=com
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute uniquemember
> pam_min_uid 1000
> pam_password exop
> nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
> nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
> nss_base_group ou=groups,dc=thewrittenword,dc=com?one
> ssl start_tls
> tls_checkpeer yes
> tls_cacertfile <path to crt>
> timelimit 10
> bind_timelimit 10
>
> But this doesn't work:
> uri ldaps://ldap.il.thewrittenword.com
> base ou=users,dc=thewrittenword,dc=com
> ldap_version 3
> rootbinddn cn=Manager,dc=thewrittenword,dc=com
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute uniquemember
> pam_min_uid 1000
> pam_password exop
> nss_base_passwd ou=users,dc=thewrittenword,dc=com?one
> nss_base_shadow ou=users,dc=thewrittenword,dc=com?one
> nss_base_group ou=groups,dc=thewrittenword,dc=com?one
> tls_checkpeer yes
> tls_cacertfile <path to crt>
> timelimit 10
> bind_timelimit 10

Ok, found the problem. "ssl on" was required.

-- 
albert chin (china@thewrittenword.com)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070413201239.GE57920>
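As an added example that is not part of the thread above (and not PADL's own code): a small POSIX sh lint for the uri / ssl / tls_* directives of a PADL-style nss_ldap.conf or ldap.conf. It encodes what the thread arrived at (an ldaps:// URI needs "ssl on"; "ssl start_tls" belongs with a plain ldap:// URI) and adds the check a reviewer would want next to it: whichever TLS mode is used, "tls_checkpeer yes" together with a tls_cacertfile or tls_cacertdir must be present, because without them the server certificate is never verified and the bind password is handed to whoever answers on the socket. The hostnames, the CA path and the sample files written by write_sample are constructed placeholders; the thread's other directives (rootbinddn, pam_*, nss_base_*) are not examined.

```sh
#!/bin/sh
# Added example, not code from the thread or from pam_ldap/nss_ldap.
# Lints the uri / ssl / tls_* directives of a PADL-style ldap.conf.
# Assumptions: directive names as in the stock ldap.conf keywords, one
# value per line, comments start with '#'.  Only the first URI on the
# "uri" line is examined.

# lint_ldap_conf FILE
#   Prints one finding per line.  Returns 0 when clean, 1 otherwise.
lint_ldap_conf() {
    f="$1"
    # last occurrence wins, as when a line is appended at the end of a
    # hand-edited file; comment and blank lines are skipped
    uri=$(awk '$1 !~ /^#/ && tolower($1)=="uri" {v=$2} END{print v}' "$f")
    ssl=$(awk '$1 !~ /^#/ && tolower($1)=="ssl" {v=tolower($2)} END{print v}' "$f")
    checkpeer=$(awk '$1 !~ /^#/ && tolower($1)=="tls_checkpeer" {v=tolower($2)} END{print v}' "$f")
    cacert=$(awk '$1 !~ /^#/ && (tolower($1)=="tls_cacertfile" || tolower($1)=="tls_cacertdir") {v=$2} END{print v}' "$f")

    rc=0
    case "$uri" in
    ldaps://*)
        # the failure in the thread: the ldaps:// scheme alone is not
        # enough for this client, "ssl on" has to be set as well
        [ "$ssl" = "on" ] || { echo "ldaps:// URI but no 'ssl on'"; rc=1; }
        [ "$ssl" = "start_tls" ] && { echo "'ssl start_tls' on an ldaps:// URI: STARTTLS needs a plain ldap:// port"; rc=1; }
        ;;
    ldap://*)
        [ -z "$ssl" ] || [ "$ssl" = "off" ] && { echo "ldap:// URI with no TLS: binds and directory data go in the clear"; rc=1; }
        ;;
    "")
        echo "no 'uri' directive"; rc=1
        ;;
    esac

    # any TLS mode is only as good as the certificate check behind it
    if [ "$ssl" = "on" ] || [ "$ssl" = "start_tls" ]; then
        [ "$checkpeer" = "yes" ] || { echo "TLS enabled but 'tls_checkpeer yes' missing: server certificate not verified"; rc=1; }
        [ "$checkpeer" = "yes" ] && [ -z "$cacert" ] && { echo "'tls_checkpeer yes' with no tls_cacertfile/tls_cacertdir: nothing to verify against"; rc=1; }
    fi
    return $rc
}

# write_sample MODE FILE
#   Writes a constructed config in the shape of the thread's three files.
#   MODE: plain | starttls | ldaps-broken | ldaps-fixed
write_sample() {
    {
        case "$1" in
        plain)        echo "uri ldap://ldap.example.com" ;;
        starttls)     echo "uri ldap://ldap.example.com"; echo "ssl start_tls" ;;
        ldaps-broken) echo "uri ldaps://ldap.example.com" ;;
        ldaps-fixed)  echo "uri ldaps://ldap.example.com"; echo "ssl on" ;;
        esac
        echo "base ou=users,dc=example,dc=com"
        echo "ldap_version 3"
        [ "$1" = "plain" ] || {
            echo "tls_checkpeer yes"
            echo "# placeholder path, constructed for the example"
            echo "tls_cacertfile /usr/local/etc/ssl/ldap-ca.crt"
        }
        echo "timelimit 10"
        echo "bind_timelimit 10"
    } > "$2"
}

# demo: lint all four shapes in a scratch directory and print the verdicts
demo() {
    d=$(mktemp -d) || return 1
    for mode in plain starttls ldaps-broken ldaps-fixed; do
        write_sample "$mode" "$d/$mode.conf"
        out=$(lint_ldap_conf "$d/$mode.conf") || true
        printf '%s: %s\n' "$mode" "${out:-ok}"
    done
    rm -rf "$d"
}

demo
```

Run it as is to see the verdict for each of the four shapes; to check a real file, source the script and call lint_ldap_conf /usr/local/etc/nss_ldap.conf. Where nss_ldap.conf and ldap.conf are hard linked, as in the thread, one run covers both.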