On Sat, Jul 28, 2012 at 4:25 PM, fosiul alam
<expertalert@gmail.com> wrote:
Hi
Don't know how to reply on the same thread.
Just click on reply and leave the subject of the mail untouched.
But thanks for the quick reply.
It's case sensitive, so I created the cert file
and I put that one into the client, and I configured it as documented:
/etc/openldap/ldap.conf
URI ldap://ldap-2.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts/
TLS_REQCERT allow
#TLS_CACERT /etc/openldap/cacerts/cacert.asc
and in /etc/ldap.conf:
base dc=fosiul,dc=lan
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts/
#TLS_CACERT /etc/openldap/cacerts/cacert.asc
pam_password md5
You should use pam_password clear because your password is being hashed by your client system before it is sent to the Directory Server. This is not allowed since the server would have no way to enforce its password policy against a pre-hashed password. You need to configure /etc/ldap.conf to send the clear-text password to the LDAP server. You should use SSL/TLS to protect the password in transit (which you already have).
and I can see it created another file in the /etc/openldap/cacerts/ directory like this:
5be5959f.0 ds-ca.crt
and when I do this:
id usrname
it does not find the user and I don't see any error in /var/log/message,
so it's like it's connecting to LDAP, but it does not get any information.
Do I have to say Cn="Directory Manager" somewhere in the ldap.conf file?
thanks for your help.
Fosiul
but in clients, log file
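As an added example (not code from the thread or from pam_ldap/OpenLDAP), the following POSIX shell script audits an ldap.conf-style file for the settings discussed above: it flags pam_password md5/crypt (client-side hashing, which stops the server enforcing its password policy, the point made in the reply), a clear-text pam_password with no TLS in transit, and, going beyond the thread, a TLS_REQCERT of allow or never, which accepts a bad or missing server certificate and so removes the protection TLS was meant to give the password. Directive names are matched case-insensitively, as both files quoted in the thread mix cases; the sample config in the demo function is constructed from the values quoted above and merges the two files into one for illustration.

```sh
# Added example: audit a pam_ldap/nss_ldap /etc/ldap.conf or OpenLDAP
# /etc/openldap/ldap.conf for the settings discussed in the thread.

# get_key FILE KEY: print the value of the last uncommented KEY directive
# (directive names compared case-insensitively), or nothing if absent.
get_key() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        NF >= 2 && tolower($1) == want { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# audit_ldap_conf FILE: print one line per finding; return the number of findings.
audit_ldap_conf() {
    f=$1
    issues=0
    pw=$(lower "$(get_key "$f" pam_password)")
    ssl=$(lower "$(get_key "$f" ssl)")
    reqcert=$(lower "$(get_key "$f" tls_reqcert)")
    uri=$(lower "$(get_key "$f" uri)")

    # 1. Client-side hashing: the server only ever sees a digest, so it cannot
    #    apply its own password policy or choose its storage scheme.  "clear"
    #    over TLS, or "exop" (RFC 3062 password modify), leaves that to the server.
    case "$pw" in
        md5|crypt)
            echo "pam_password $pw: password hashed on the client; use 'clear' (or 'exop') and protect it with TLS"
            issues=$((issues + 1)) ;;
    esac

    # 2. A clear-text bind password needs TLS in transit: "ssl start_tls" or
    #    "ssl on" in the pam_ldap file, or an ldaps:// URI.  Only checked when
    #    the file is a pam_ldap config (pam_password present).
    case "$uri" in ldaps://*) tls_uri=1 ;; *) tls_uri=0 ;; esac
    if [ -n "$pw" ] && [ "$tls_uri" -eq 0 ] \
       && [ "$ssl" != "start_tls" ] && [ "$ssl" != "on" ]; then
        echo "uri ${uri:-unset} with ssl '${ssl:-unset}': bind password would cross the network unprotected"
        issues=$((issues + 1))
    fi

    # 3. TLS_REQCERT "never" or "allow" lets the session continue with a bad or
    #    missing server certificate, so TLS no longer proves which server you
    #    reached.  "demand" (the OpenLDAP default) rejects it.
    case "$reqcert" in
        never|allow)
            echo "tls_reqcert $reqcert: server certificate not verified; use 'demand' with a trusted CA in tls_cacertdir"
            issues=$((issues + 1)) ;;
    esac

    return "$issues"
}

# Constructed sample merging the settings quoted from the two files in the thread.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
base dc=fosiul,dc=lan
uri ldap://ldap-2.fosiul.lan/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts/
TLS_REQCERT allow
pam_password md5
EOF
    audit_ldap_conf "$tmp"
    n=$?
    rm -f "$tmp"
    return "$n"
}

demo
```

Run it against the real file with `audit_ldap_conf /etc/ldap.conf`; the exit status is the number of findings, so it drops straight into a configuration-management check. Fixing the sample to `pam_password clear` and `TLS_REQCERT demand` (with the CA actually present in tls_cacertdir) brings the count to zero.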