List:       nssldap
Subject:    [nssldap] Issues with TLS
From:       Jay Chandler <chandler.lists () chapman ! edu>
Date:       2007-07-25 23:36:44
Message-ID: 46A7DE8C.8020406 () chapman ! edu

I've enabled TLS on the server, and I can create a session correctly.

I can cd ~USERNAME to an LDAP user's home directory; however, when I try 
to su to that user, the system hangs.

/var/log/messages shows the following:

Jul 25 16:07:04 wurfel cron[82494]: nss_ldap: could not search LDAP server - Server is unavailable
Jul 25 16:12:05 wurfel cron[82508]: nss_ldap: could not search LDAP server - Server is unavailable
Jul 25 16:13:05 wurfel cron[82510]: nss_ldap: could not search LDAP server - Server is unavailable
Jul 25 16:17:04 wurfel cron[82533]: nss_ldap: could not search LDAP server - Server is unavailable

/usr/local/etc/nss_ldap.conf contains the following:

host $ourldapserver
base dc=chapman,dc=edu
ldap_version 3
binddn uid=(This is correct)
bindpw **************
ssl start_tls
TLS_CACERT /usr/local/etc/openldap/cacert.pem
pam_password crypt
logdir /var/log


When I remove the ssl start_TLS and the tls_cacert line, things work 
correctly.  Anyone have any guidance?

Regards,
Jay Chandler