On Thu, Jul 24, 2008 at 03:11:59PM +0000, Dharmin Mandalia wrote:
I've enabled TLS and am getting below error msg's in
/var/log/secure file on Fedora 9, which is my newly configured FDS , if disable TLS , am
able to ssh onto the FDS server and with TLS enabled unable to login via ssh.
[snip]
sshd[5487]: nss_ldap: could not search LDAP server - Server is
unavailable
[snip]
/etc/ldap.conf file on Fedora 9, (FDS server ) shows as :-
[snip]
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/cacert.asc
pam_password md5
uri ldap://127.0.0.1/
tls_cacertdir /etc/openldap/cacerts
If you're using SSL or TLS, the LDAP client library is going to compare
the names in the certificate that the server uses against the value that
was given in the client's configuration (in this case "127.0.0.1"), and
it looks like they're not matching up here.
Typically the certificate uses an actual hostname as a "CN" value in its
subject, so you'd need to specify the server URI using a hostname rather
than an IP address to make sure that they match.
If that's not what's going on here, please post a copy of the
certificate that the server's using so that we can have a look.
HTH,
Nalin