Thank you Johannes,
> Can you try again without ignoring the certificate, but specify the server'sFQDN
> instead of localhost?
I have done as you suggest (see dsrc contents below), restarted the instance, then (note: ldaps://ent-a.aeho.lan):
LDAPTLS_CACERT=/etc/dirsrv/slapd-localhost/ca.crt ldapwhoami -v -H ldaps://ent-a.aeho.lan -D uid=huncl01,ou=people,dc=aeho,dc=lan -W -x
and the results remains:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
If that worked, I would be very concerned as the whole idea is not *not* be tied to a specific hostname (unless running multiple LDAP servers, no?)
I've put everything back the way it should (?!) be... but here's my .dsrc file to test your theory:
[localhost]
uri = ldapi://%%2fvar%%2frun%%2fslapd-localhost.socket
basedn = dc=aeho,dc=lan
binddn = cn=Directory Manager
[localhost-ldaps]
#uri = ldaps://localhost
uri = ldaps://ent-a.aeho.lan
basedn = dc=aeho,dc=lan
binddn = cn=Directory Manager
tls_cacertdir = /389
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment