Date: Tue, 27 Apr 2004 15:19:58 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
To: Francesco Gringoli <francesco.gringoli@ing.unibs.it>
Cc: eik@FreeBSD.org
Subject: Re: conflicts between slapd and nsswitch (SSL not working)
Message-ID: <408E5DFE.8040909@fillmore-labs.com>
In-Reply-To: <9635BDFE-9849-11D8-B46A-000A95CD8008@ing.unibs.it>
References: <9635BDFE-9849-11D8-B46A-000A95CD8008@ing.unibs.it>

Francesco Gringoli wrote:
> Packages: openldap2(0,1)-server, nss-ldap
>
> Hi all,
>
> If slapd is configured to run as a user different than root (default config)
> and nsswitch is configured to search first in files and then in ldap and
> the ldap server specified for nsswitch is different than this,
> when slapd starts its SSL engine seems down:
> although slapd binds on port 636, traffic on this
> port is not SSL (try with openssl s_client and see
> that no certificate is returned during the handshake,
> really there is no handshake at all).
> Note: slapd starts normally as the user specified in slapd.conf,
> it is possible to do search inside the ldap db,
> nss-ldap is ok and userid and gid are those defined in the ldap db,
> BUT
> the SSL engine is off.
>
> Note: if the ldap server specified for nsswitch is the same a time-out
> occurs, since the slapd calls getpwnam and the ldap module
> cannot obtain anything. In this case the SSL engine is OK.

What do you mean with `different' and `same' specified server?

Also, some more information would be useful, like

  uname -a
  pkg_info
  ldd /usr/local/libexec/slapd
  ps auxwww | grep slapd
  cat /usr/local/etc/openldap/slapd.conf
  cat /usr/local/etc/nss_ldap.conf

-Oliver