Tru64 LDAP authentication over SSL

From: Graham Allan (allan@physics.umn.edu)
Date: Fri Jun 04 2004 - 15:16:43 EDT


This is more of a summary than a question, although there was no
question preceding it. But it looks as if others had asked the question
in the past, and I saw no replies...

We've been converting our Tru64 systems to use the LDAP authentication
module provided with 5.1B. Many people seem to have lamented the fact
that it couldn't connect to the LDAP server using an SSL connection. On
looking at it more closely, though, the ldapcd binary is linked against
libssldap50.so, and contains many strings concerning ssl. So there was
a hint that it might be possible.

HP support, when asked, said "I've never heard of anyone asking for
that", and we heard no more...

Well, it does work, although I can't claim credit for making it do so
(my assistant Andy did all the work on this).

/etc/ldapcd.conf needs the port number changed, and an undocumented
option added:

port: 636
usessl: 1

ldapcd also needs the SSL certificate of the LDAP server in a
Netscape-format certificate database, held in the directory
/etc/cert7.db (so the actual file is /etc/cert7.db/cert7.db).

Some actual documentation on this would be nice, but I'm not sure how
to get the message back to HP on this, since our support call was
fairly fruitless!

G.

-- 
-------------------------------------------------------------------------
Graham Allan - I.T. Manager - gta@umn.edu - (612) 624-5040
School of Physics and Astronomy - University of Minnesota
-------------------------------------------------------------------------
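
Added example, not part of the original post and not HP's code: a POSIX shell check that a host's ldapcd configuration matches the settings described above (port 636, usessl: 1, and a non-empty /etc/cert7.db/cert7.db). The function names, the treatment of repeated keys, and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Audit an ldapcd.conf-style file for the SSL settings described in the post.
# Added example; defaults are the paths named in the post.

# Print the value of "key: value"; if a key repeats, the last one is used
# (which occurrence ldapcd itself honours is an assumption).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

check_ldapcd_ssl() {
    conf=${1:-/etc/ldapcd.conf}
    certdir=${2:-/etc/cert7.db}
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    port=$(conf_value port "$conf")
    usessl=$(conf_value usessl "$conf")

    if [ "$usessl" != "1" ]; then
        echo "FAIL: usessl is '${usessl:-unset}', SSL is not enabled"
        rc=1
    fi
    if [ "$port" != "636" ]; then
        echo "FAIL: port is '${port:-unset}', the post uses 636"
        rc=1
    fi
    # Per the post, the database is a file inside a directory of the same name.
    if [ ! -d "$certdir" ]; then
        echo "FAIL: $certdir is not a directory"
        rc=1
    elif [ ! -s "$certdir/cert7.db" ]; then
        echo "FAIL: $certdir/cert7.db is missing or empty"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf uses SSL on port 636 with $certdir/cert7.db"
    return "$rc"
}

# Constructed sample: a config on the standard LDAP port with no usessl line.
demo=$(mktemp -d)
printf 'port: 389\n' > "$demo/ldapcd.conf"
check_ldapcd_ssl "$demo/ldapcd.conf" "$demo/cert7.db" || echo "exit status $?"
rm -rf "$demo"
```

Called with no arguments, check_ldapcd_ssl inspects /etc/ldapcd.conf and /etc/cert7.db; it only reads files and does not verify which certificate the database contains.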

