[Mageia-sysadm] ldap server certificate (was: Re: [Mageia-discuss] Fosdem report)

Michael Scherer misc at zarb.org
Tue Feb 14 17:35:43 CET 2012


On Tuesday 14 February 2012 at 16:36 +0100, nicolas vigier wrote:
> On Tue, 14 Feb 2012, Oliver Burger wrote:
> 
> > But shall we write that command line into the wiki? Aside from not working:
> > [oli at beteigeuze avfs]$ ldapsearch -W -Z -h ldap.mageia.org  -D 
> > uid=obgr_seneca,ou=People,dc=mageia,dc=org -b ou=Group,dc=mageia,dc=org
> > ldap_start_tls: Connect error (-11)
> > Enter LDAP Password:
> > ldap_result: Can't contact LDAP server (-1)
> 
> It looks like we are still using a self-signed certificate on the ldap
> server. So it's required to have "TLS_REQCERT allow" in /etc/openldap/ldap.conf
> to be able to connect to the ldap server.
> 
> Should we also use the *.mageia.org certificate on the ldap server ?
> Or have our own CA with keys distributed by rpm packages in the
> distribution ?

I would say "our own CA", but that's such a PITA :/

-- 
Michael Scherer
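
The trade-off discussed in this thread, as an added example that is not part of the original messages: a throwaway private CA is created, and a CA-issued server certificate and a self-signed one are each checked against it. Assumptions: the openssl command-line tool is installed, `openssl verify` stands in for the chain validation the LDAP client library performs, and all subjects, file names and the host name ldap.example.org are constructed for the demo.

```shell
#!/bin/sh
# Added example: every name, subject and path here is constructed for the demo.
set -eu

# Build a throwaway PKI in directory $1:
#   ca.crt   - private CA root (the "our own CA" option from the thread)
#   srv.crt  - server certificate issued by that CA
#   self.crt - self-signed server certificate (the situation in the thread)
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo LDAP CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.org" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/srv.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=ldap.example.org" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA file $1. This is the
# chain check a client makes with "TLS_CACERT <file>" and
# "TLS_REQCERT demand" in ldap.conf; "TLS_REQCERT allow" ignores a
# failure here and proceeds with the session anyway.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run both certificates through the check and report the outcome.
demo() {
    dir=$(mktemp -d)
    make_demo_pki "$dir"
    for c in srv self; do
        if chains_to_ca "$dir/ca.crt" "$dir/$c.crt"; then
            echo "$c.crt: accepted under TLS_REQCERT demand"
        else
            echo "$c.crt: rejected under TLS_REQCERT demand"
        fi
    done
    rm -rf "$dir"
}

demo
```

With the CA file shipped to clients, certificate checking can stay at the strict level; with `TLS_REQCERT allow` the client cannot tell the real server from an impostor before sending the bind password.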


