[Bug 249881] Re: Hardy slapd server is not supporting sasl/external authentication
Mathias Gug
mathiaz at ubuntu.com
Fri Sep 5 22:40:30 BST 2008
Hi,

I've followed the steps you've followed to generate the certificates and
was unable to reproduce your problem:
mathiaz at t-slapd-h:~$ ldapsearch -x -H ldaps:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
On Fri, Sep 05, 2008 at 02:33:03AM -0000, Dragomir Minkovski wrote:
> # Configuration files:
>
> # /home/ubuntu/.ldaprc
>
> TLS_CACERT /root/ca.crt
> TLS_CERT /home/ubuntu/client.crt
> TLS_KEY /home/ubuntu/client.key
>
> # /etc/ldap/slapd.conf
>
> TLSCACertificateFile /root/ca.crt
> TLSCertificateFile /root/server.crt
> TLSCertificateKeyFile /root/server.key

Could you use /etc/ssl/certs/ for ca.crt and server.crt and
/etc/ssl/private/ for server.key instead?

Also make sure that the permissions are set correctly on the files:
mathiaz at t-slapd-h:~$ ls -l /etc/ssl/certs/*crt
-rw-r--r-- 1 root root 1424 2008-09-05 17:16 /etc/ssl/certs/ca.crt
-rw-r--r-- 1 root root 1159 2008-09-05 17:16 /etc/ssl/certs/server.crt
mathiaz at t-slapd-h:~$ sudo ls -l /etc/ssl/private/
total 8
-rw-r----- 1 root ssl-cert 1675 2008-09-05 17:16 server.key

Don't forget to add the openldap user to the ssl-cert group.

Could you also update the .ldaprc file to reference
/etc/ssl/certs/ca.crt rather than /root/ca.crt?
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
--
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
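
Added example, not part of the original message or of any Ubuntu or OpenLDAP tooling: a shell check of the file layout suggested above (certificates readable by everyone, the key restricted to its group, the openldap user in ssl-cert). The function names are made up for this example, and GNU stat (coreutils, as on Ubuntu) is assumed.

```sh
#!/bin/sh
# Added example: audit the TLS file layout for slapd suggested in the message.
# Function names are hypothetical; GNU stat (coreutils) is assumed.

# Octal mode of FILE, zero-padded to at least three digits (e.g. 640).
file_mode() {
    m=$(stat -c '%a' "$1") || return 2
    printf '%03d\n' "$m"
}

# Private key: nothing for "other", at most read for group (0640, 0600, 0400).
key_mode_ok() {
    case "$(file_mode "$1")" in
        *[04]0) return 0 ;;
        *) return 1 ;;
    esac
}

# Certificate: readable by group and other, writable by neither (0644, 0444).
cert_mode_ok() {
    case "$(file_mode "$1")" in
        *[45][45]) return 0 ;;
        *) return 1 ;;
    esac
}

# True if USER is a member of GROUP (primary or supplementary).
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# audit_slapd_tls CA CERT KEY USER GROUP
# Prints one line per failed check; returns 1 if any check failed.
audit_slapd_tls() {
    rc=0
    cert_mode_ok "$1" || { echo "FAIL: $1 should be mode 0644"; rc=1; }
    cert_mode_ok "$2" || { echo "FAIL: $2 should be mode 0644"; rc=1; }
    key_mode_ok "$3" || { echo "FAIL: $3 is accessible beyond owner/group read"; rc=1; }
    [ "$(stat -c '%G' "$3" 2>/dev/null)" = "$5" ] ||
        { echo "FAIL: $3 should belong to group $5"; rc=1; }
    user_in_group "$4" "$5" || { echo "FAIL: user $4 is not in group $5"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: layout matches the one shown in the message"
    return "$rc"
}

# Runs only when called with five arguments, for example as root:
#   sh audit.sh /etc/ssl/certs/ca.crt /etc/ssl/certs/server.crt \
#       /etc/ssl/private/server.key openldap ssl-cert
if [ "$#" -eq 5 ]; then audit_slapd_tls "$@"; fi
```

Run it as root, since /etc/ssl/private/ is not readable by ordinary users (the listing in the message needed sudo for the same reason).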