[Mageia-sysadm] ldap server certificate (was: Re: [Mageia-discuss] Fosdem report)

nicolas vigier boklm at mars-attacks.org
Tue Feb 14 16:36:14 CET 2012


On Tue, 14 Feb 2012, Oliver Burger wrote:

> But shall we write that command line into the wiki? Aside from not working:
> [oli at beteigeuze avfs]$ ldapsearch -W -Z -h ldap.mageia.org  -D 
> uid=obgr_seneca,ou=People,dc=mageia,dc=org -b ou=Group,dc=mageia,dc=org
> ldap_start_tls: Connect error (-11)
> Enter LDAP Password:
> ldap_result: Can't contact LDAP server (-1)

It looks like we are still using a self-signed certificate on the ldap
server. So it's required to have "TLS_REQCERT allow" in /etc/openldap/ldap.conf
to be able to connect to the ldap server.

Should we also use the *.mageia.org certificate on the ldap server?
Or have our own CA with keys distributed by rpm packages in the
distribution?
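
Added example, not part of the original message: a shell check that reports how an ldap.conf-style file treats the server certificate, run on the "TLS_REQCERT allow" workaround and on a configuration that trusts a CA file instead. Per ldap.conf(5), "allow" ignores a bad certificate and proceeds, while "demand" (the default) terminates the session. The function name, the CA path and the sample contents are constructed, and treating the last occurrence of a repeated option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): report how an ldap.conf-style
# file treats the server certificate. Reads the named file, or stdin.
# Assumption: if TLS_REQCERT is repeated, the last occurrence wins.
ldap_reqcert_audit() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
        { key = toupper($1) }                         # option names are case-insensitive
        key == "TLS_REQCERT" { level = tolower($2) }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = "ca-set" }
        END {
            if (level == "") level = "demand"         # OpenLDAP client default
            if (ca == "") ca = "no-ca"
            if (level == "demand" || level == "hard") verdict = "verified"
            else if (level == "try") verdict = "partial"      # bad cert aborts, missing cert does not
            else if (level == "allow" || level == "never") verdict = "unverified"
            else verdict = "unknown"
            print verdict, level, ca
        }
    ' "$@"
}

# Constructed sample 1: the workaround named in the message.
workaround='TLS_REQCERT allow'

# Constructed sample 2: trust a CA file instead; the path is a placeholder.
with_ca='# site CA shipped by a package (hypothetical path)
TLS_CACERT  /etc/pki/tls/certs/example-ca.pem
tls_reqcert demand'

printf '%s\n' "$workaround" | ldap_reqcert_audit   # unverified allow no-ca
printf '%s\n' "$with_ca"    | ldap_reqcert_audit   # verified demand ca-set
```

To check a real client, pass the file as an argument, for example ldap_reqcert_audit /etc/openldap/ldap.conf.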


