Rick Stevens rps2@socal.rr.com writes:
Dieter Kluenter wrote:
Rick Stevens rps2@socal.rr.com writes:
Dieter Kluenter wrote:
[...]
This is only the content of slapd.conf, the relevant content of ldap.conf(5) is still missing, ldapsearch requires at least the path to CA, further information on the level of certificate checks and the prefered cipher suits are recommended options.
Terribly sorry, misread your message. I had posted my ldap.conf before, but here it is again:
host 192.168.1.53 base dc=eqspeed,dc=com rootbinddn uid=sysman,ou=people,dc=eqspeed,dc=com timelimit 15 bind_timelimit 10 bind_policy soft pam_lookup_policy yes pam_password clear_remove_old nss_base_passwd ou=People,dc=eqspeed,dc=com?one nss_base_shadow ou=People,dc=eqspeed,dc=com?one nss_base_group ou=Group,dc=eqspeed,dc=com?one nss_base_hosts ou=Hosts,dc=eqspeed,dc=com?one ssl start_tls ssl on #tls_cacertdir /etc/openldap/cacerts tls_cacertfile /etc/openldap/cacerts/allcerts.pem tls_reqcert never
That's what I thought, this is the wrong ldap.conf, read man ldap.conf(5).
-Dieter
openldap-software@openldap.org
-
Dieter Kluenter