"Dieter Kluenter" dieter@dkluenter.de writes:
Hello,
Sebastian Reinhardt snr@lmv-hartmannsdorf.de writes:
Dieter Kluenter schrieb:
Hello Sebastian,
Sebastian Reinhardt snr@lmv-hartmannsdorf.de writes:
Dieter Kluenter schrieb:
Hello Sebastian,
Sebastian Reinhardt snr@lmv-hartmannsdorf.de writes:
Dieter Kluenter schrieb:
> Sebastian Reinhardt snr@lmv-hartmannsdorf.de writes:
[...]
As I tried to perform "ldapsearch" with TLS enabled I got some output about "version trouble" of openldap server and client libraries. But now I solved this problem and I have configured "pam_ldap" again. The login with "TLSVerifyClient demand" (enabled in slapd.conf) works, but not with "tls_checkpeer yes" in "/etc/ldap.conf". If "tls_checkpeer" is "yes", the login is not possible (output: "Permissions on the password database may be too restrictive").
The "strace -o /tmp/ldapsearch.txt ldapsearch -d 1 -x -ZZ -h 192.168.0.201 "(uid=*)" " is creating command line output:
[...]
For strace output take a look at the attached file, please. I think that server and client do not communicate via TLS, or do they? And why can I login, but not search (with "tls_checkpeer no")?
Please check the output of openssl x509 -in <server-key> -text | grep Subject
sorry, that should read openssl x509 -in <server-certificate> -text | grep Subject
compare the CN value of Subject with your -h value of ldapsearch and the host configuration in /etc/ldap.conf
-Ddieter
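The comparison Dieter describes is what peer checking does on the client side: the name the client connected to (the -h value, or the host line in /etc/ldap.conf) has to appear in the server certificate, otherwise the TLS handshake is refused and pam_ldap only surfaces a generic error. The following Python is an added example, not code from the thread or from OpenLDAP; the two certificates are constructed dicts in the shape that Python's ssl getpeercert() returns, and the precedence rule (subjectAltName first, Subject CN only as a fallback) is an assumption about typical client behaviour, not a statement about a specific OpenLDAP release.

```python
"""Name check of the kind tls_checkpeer performs on a server certificate.

Added example (not from the mailing-list thread). The certificates below are
constructed; their fields mimic what ssl.SSLSocket.getpeercert() returns for a
real connection, so the same function can be pointed at a live peer.
"""
import ipaddress

# Constructed: a certificate that carries only a Subject CN, no SAN extension.
SERVER_CERT_CN_ONLY = {
    "subject": ((("countryName", "DE"),), (("commonName", "ldap.example.test"),)),
}

# Constructed: the same identity, plus DNS and IP subjectAltName entries.
SERVER_CERT_WITH_SAN = {
    "subject": ((("countryName", "DE"),), (("commonName", "ldap.example.test"),)),
    "subjectAltName": (("DNS", "ldap.example.test"), ("IP Address", "192.168.0.201")),
}


def subject_cn(cert):
    """Return the commonName from the certificate subject, or None."""
    for rdn in cert.get("subject", ()):
        for attr_type, value in rdn:
            if attr_type == "commonName":
                return value
    return None


def _dns_name_matches(pattern, hostname):
    """Case-insensitive DNS name match; '*' only as the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels = pattern.split(".")
    hlabels = hostname.split(".")
    # Reject "*", "ld*.example.test" and "*.test": too broad or partial wildcards.
    if plabels[0] != "*" or "*" in pattern[1:] or len(plabels) < 3:
        return False
    return len(plabels) == len(hlabels) and plabels[1:] == hlabels[1:]


def check_peer(cert, hostname):
    """Return (ok, reason) for connecting to `hostname` with this certificate.

    Assumed rule: an IP literal is matched against 'IP Address' SANs, a DNS
    name against 'DNS' SANs; the Subject CN is consulted only when the
    certificate has no SAN of the relevant type.
    """
    try:
        want_ip = ipaddress.ip_address(hostname)
    except ValueError:
        want_ip = None
    sans = cert.get("subjectAltName", ())
    dns_names = [v for t, v in sans if t == "DNS"]
    ip_names = [v for t, v in sans if t == "IP Address"]

    if want_ip is not None:
        for v in ip_names:
            try:
                if ipaddress.ip_address(v) == want_ip:
                    return True, "matched subjectAltName IP Address %s" % v
            except ValueError:
                continue
        if ip_names:
            return False, "no IP Address SAN matches %s: %s" % (hostname, ip_names)
    else:
        for v in dns_names:
            if _dns_name_matches(v, hostname):
                return True, "matched subjectAltName DNS %s" % v
        if dns_names:
            return False, "no DNS SAN matches %s: %s" % (hostname, dns_names)

    cn = subject_cn(cert)
    if cn is None:
        return False, "certificate has neither a matching SAN nor a Subject CN"
    if want_ip is None and _dns_name_matches(cn, hostname):
        return True, "matched Subject CN %s" % cn
    if want_ip is not None and cn == hostname:
        return True, "matched Subject CN %s literally" % cn
    return False, "Subject CN %r does not match %r" % (cn, hostname)


if __name__ == "__main__":
    # The -h value used in the thread, against a CN-only certificate: fails,
    # because "192.168.0.201" is not the name the certificate was issued for.
    print(check_peer(SERVER_CERT_CN_ONLY, "192.168.0.201"))
    print(check_peer(SERVER_CERT_CN_ONLY, "ldap.example.test"))
    print(check_peer(SERVER_CERT_WITH_SAN, "192.168.0.201"))
```

Run against the constructed data, the CN-only certificate accepts the host name but rejects the IP address, which is the situation Dieter's grep is meant to reveal: either connect with the name in the certificate (and put that name in the host line of /etc/ldap.conf) or reissue the server certificate with an IP Address SAN. To read the fields from a real file, `openssl x509 -in <server-certificate> -noout -subject` prints the Subject line the thread is grepping for.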