Hello,
Sebastian Reinhardt <snr(a)lmv-hartmannsdorf.de> writes:
[...]
As I tried to perform "ldapsearch" with TLS enabled I got some output
about "version trouble" of openldap server and client libraries. But now
I solved this problem and I have configured "pam_ldap" again.
The login with "TLSVerifyClient demand" (enabled in slapd.conf) works,
but not with "tls_checkpeer yes" in "/etc/ldap.conf". If
"tls_checkpeer" is "yes", the login is not possible (output:
"Permissions on the password database may be too restrictive").
The "strace -o /tmp/ldapsearch.txt ldapsearch -d 1 -x -ZZ -h
192.168.0.201 "(uid=*)" " is creating command line output:
[...]
For strace output take a look at the attached file, please.
I think that server and client do not communicate via TLS, or do they?
And why can I login, but not search (with "tls_checkpeer no")?
Please check the output of

    openssl x509 -in <server-key> -text | grep Subject

compare the CN value of Subject with your -h value of ldapsearch and
the host configuration in /etc/ldap.conf
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
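
The comparison suggested in the reply above, as an added example that is not part of the original thread: it takes the `grep Subject` output and the `host`/`uri` lines of /etc/ldap.conf and reports which names equal the certificate CN. The certificate subject, the hostnames and the config text are constructed samples; only the CN is compared, so subjectAltName entries and wildcard certificates are not handled.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs (assumptions, not taken from the thread's attachment).
SAMPLE_SUBJECT = "        Subject: C=DE, O=Example Org, CN=ldap.example.test"
SAMPLE_LDAP_CONF = """\
# /etc/ldap.conf (pam_ldap), constructed sample
host 192.168.0.201
uri ldap://ldap.example.test/ ldaps://LDAP2.example.test:636
ssl start_tls
tls_checkpeer yes
"""

def subject_cn(grep_output):
    """Return the lower-cased CN from `openssl x509 -text | grep Subject` output."""
    for line in grep_output.splitlines():
        # grep also matches "Subject Public Key Info:"; only "Subject:" carries the DN.
        if not line.strip().startswith("Subject:"):
            continue
        # Accepts "CN=host", "CN = host" and the old "/CN=host/emailAddress=..." form.
        m = re.search(r"(?:^|[,/\s])CN\s*=\s*([^,/\s]+)", line)
        if m:
            return m.group(1).lower()
    return None

def conf_hosts(conf_text):
    """Collect the server names given by the `host` and `uri` directives."""
    names = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments and blank lines
        if not parts:
            continue
        key, values = parts[0].lower(), parts[1:]
        if key == "host":
            names += [v.lower() for v in values]
        elif key == "uri":
            names += [h for h in (urlparse(v).hostname for v in values) if h]
    return names

def check_names(grep_output, conf_text, cli_host=None):
    """Map every name the client connects to -> True if it equals the CN."""
    cn = subject_cn(grep_output)
    names = conf_hosts(conf_text) + ([cli_host.lower()] if cli_host else [])
    return {name: name == cn for name in names}

if __name__ == "__main__":
    # "192.168.0.201" is the -h value used with ldapsearch in the thread.
    result = check_names(SAMPLE_SUBJECT, SAMPLE_LDAP_CONF, "192.168.0.201")
    for name, ok in result.items():
        print(f"{name:25} {'matches CN' if ok else 'does NOT match CN'}")
```

Any name reported as not matching is a candidate for the failure seen once "tls_checkpeer yes" is set, since the client then verifies the server certificate against the name it connected to.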