Dieter Kluenter wrote:
James james@nttmcl.com writes:
Dieter Kluenter wrote:
Hi,
James james@nttmcl.com writes:
Dieter Kluenter wrote:
"Dieter Kluenter" dieter@dkluenter.de writes:
James james@nttmcl.com writes:
[...]
And what is the TLS part of the consumer slapd.conf looking like?
Sorry, my fault, it should read ldap.conf
-Dieter
timelimit 120 bind_timelimit 120 idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,postfix,messagebus URI ldaps://master.example.com BASE dc=example,dc=com ldap_version 3 pam_password exop ssl on tls_ciphers HIGH:MEDIUM:+SSLv2:RSA tls_checkpeer no TLS_CACERT /etc/ssl/cacert.pem TLS_REQCERT allow
Most of this are not valid parameters for OpenLDAP. This file is a mixture of pam_ldap.conf and openldap/ldap.conf
does that cause problems? because i just symlink libnss-ldap.conf and pam_ldap.conf to ldap.conf for ease of management If it does cause problems can you give me an example of what to separate out where?
It may cause problems in so far, that clients may refuse to recognise the file contents as valid parameters. You may strace or truss the slapd pid to view the files opend and read.
-Dieter
just for reference in case anybody else happens to have this little problem. I solved it by stripping the password from the key ssl files on the master and slave servers running ldaps: so that they didn't prompt for password when i start slapd like: openssl rsa -in master.key -out master.key.clear