Richard,

I'm trying to use Netgroups to employ control access to groups of hosts to groups of users just as with NIS. I've searched the web for decent example to create the netgroup containter within FDS, but haven't discovered any.

=-Clem

-----Original Message----- From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of fedora-directory-users-request@redhat.com Sent: Thursday, October 04, 2007 9:00 AM To: fedora-directory-users@redhat.com Subject: Fedora-directory-users Digest, Vol 29, Issue 5

Send Fedora-directory-users mailing list submissions to fedora-directory-users@redhat.com

To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/fedora-directory-users or, via email, send a message with subject or body 'help' to fedora-directory-users-request@redhat.com

You can reach the person managing the list at fedora-directory-users-owner@redhat.com

When replying, please edit your Subject line so it is more specific than "Re: Contents of Fedora-directory-users digest..."

Today's Topics:

1. Re: nss_ldap cannot authenticate vs FDS (Peter Santiago) 2. Re: problem with SSL and load balance (Enrico M. V. Fasanelli) 3. linux authentication though ds (lance raymond) 4. RE: problem with SSL and load balance (Richard Hesse) 5. Re: problem with SSL and load balance (Jazcek Braden) 6. Re: linux authentication though ds (Marc Sauton) 7. Re: problem with SSL and load balance (Marc Sauton) 8. Re: problem with SSL and load balance (Marc Sauton) 9. Fedora-DS/netgroup configuration (Clementous Clement) 10. Re: Fedora-DS/netgroup configuration (Steve Rigler) 11. Re: RedHat 4/Fedora-DS - SSL Cert DB not readable? (Glenn)

----------------------------------------------------------------------

Message: 1 Date: Thu, 04 Oct 2007 00:08:05 +0800 From: Peter Santiago peters@psinergybbs.com Subject: Re: [Fedora-directory-users] nss_ldap cannot authenticate vs FDS To: "General discussion list for the Fedora Directory server project." fedora-directory-users@redhat.com, Steve Rigler srigler@marathonoil.com Message-ID: 20071004000805.w0m9bmxk6cws4sk0@webmail.psinergybbs.com Content-Type: text/plain; charset="iso-8859-1"

Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3051 bytes Desc: S/MIME Cryptographic Signature Url : https://www.redhat.com/archives/fedora-directory-users/attachments/20071 004/cd9c6979/smime.bin

------------------------------

Message: 2 Date: Wed, 03 Oct 2007 19:49:56 +0200 From: "Enrico M. V. Fasanelli" Enrico.M.V.Fasanelli@le.infn.it Subject: Re: [Fedora-directory-users] problem with SSL and load balance To: "General discussion list for the Fedora Directory server project." fedora-directory-users@redhat.com Message-ID: 4703D644.9020608@le.infn.it Content-Type: text/plain; charset="iso-8859-1"

Hi Victor,

have you tried with a certificate that contains the alternate name of the server?

Something like X509v3 Subject Alternative Name: DNS:fds.mydomain.com, DNS:fds1.mydomain.com

Ciao, Enrico

Victor Hugo dos Santos wrote:

Hello List,

I have the same problem that Alex Aka in Apr 2006

http://www.redhat.com/archives/fedora-directory-users/2006-April/msg0002 2.html

I have two FDS (fds1 and fds2) in MMR

in the DNS I create this machines

fds1 IN A 10.0.0.11 fds2 IN A 10.0.0.12 fds IN A 10.0.0.11 fds IN A 10.0.0.12

in the clients, I configure the ldap.conf with this parameters:

BASE dc=mydomain,dc=com URI ldap://fds.mydomain.com

this configuration work very,very fine !!!! exist replication between servers and fault tolerance in the clients.. but i enable SSL in server and in the clients (ldap.conf)

BASE dc=mydomain,dc=com URI ldaps://fds.mydomain.com TLS_CACERT /etc/ssl/certs/cacert.org.pem TLS_REQCERT allow

and "no" work !!! :-( i receive this error:

ldap_bind: Can't contact LDAP server (-1)

additional info: TLS: hostname does not match CN in peer certificate

this problem, is derivate that i configured the servers with one certificate and distinct CN for independent serves (fds1 and fds2)...

if I config one same certificate with same CN (fds) for both nodes (fds1 and fds2).. work fine in the clients, but the replication dont work !!! :-(

obs.: my certificates is sign in http://cacert.org

any idea or suggestion ???

thanks