On Fri, 31 Oct 2008, Filipe Brandenburger wrote:

Hi Filipe; many thanks for your reply.

# grep ^updateref /etc/openldap/slapd.conf

        updateref ldaps://ldap1.cbe.cornell.edu

# openssl x509 -text -in $(grep -i ^tlscertificatefile /etc/openldap/slapd.conf | awk '{print$2}') | grep Subject:

master (line continuations added):
        Subject: C=US, ST=New York, O=Cornell School of Chemical and \
        Biomolecular Engineering/[EMAIL PROTECTED], \
        CN=ldap1.cbe.cornell.edu

slave:
        Subject: C=US, ST=New York, O=Cornell School of Chemical and \
        Biomolecular Engineering/[EMAIL PROTECTED], \
        CN=asimov.cbe.cornell.edu

 > What is the issuer of each certificate?

Same on master and all slaves:
        Issuer: O=Cornell School of Chemical and Biomolecular Engineering,
        L=Ithaca, ST=New York, C=US,
        CN=cbe.cornell.edu/[EMAIL PROTECTED]

 > Could you also send the /etc/ldap.conf of the client where you are
 > trying to change the password?

        host asimov.cbe.cornell.edu
        referrals yes
        base dc=cbe,dc=cornell,dc=edu
        ldap_version 3
        binddn cn=kelvin.cbe.cornell.edu,ou=Binddn,dc=cbe,dc=cornell,dc=edu
        bindpw XXXXXXXXX
        timelimit 120
        bind_timelimit 5
        bind_policy soft
        idle_timelimit 3600
        pam_password exop
        nss_base_passwd         ou=People,dc=cbe,dc=cornell,dc=edu?one
        nss_base_shadow         ou=People,dc=cbe,dc=cornell,dc=edu?one
        nss_base_group          ou=Group,dc=cbe,dc=cornell,dc=edu?one
        nss_base_hosts          ou=Hosts,dc=cbe,dc=cornell,dc=edu?one
        nss_base_services       ou=Services,dc=cbe,dc=cornell,dc=edu?one
        nss_base_networks       ou=Networks,dc=cbe,dc=cornell,dc=edu?one
        nss_base_protocols      ou=Protocols,dc=cbe,dc=cornell,dc=edu?one
        nss_base_rpc            ou=Rpc,dc=cbe,dc=cornell,dc=edu?one
        nss_base_ethers         ou=Ethers,dc=cbe,dc=cornell,dc=edu?one
        nss_base_netmasks       ou=Networks,dc=cbe,dc=cornell,dc=edu?ne
        nss_base_bootparams     ou=Ethers,dc=cbe,dc=cornell,dc=edu?one
        nss_base_aliases        ou=Aliases,dc=cbe,dc=cornell,dc=edu?one
        nss_base_netgroup       ou=Netgroup,dc=cbe,dc=cornell,dc=edu?one
        ssl start_tls
        tls_checkpeer yes
        tls_cacertdir /etc/openldap/cacerts
        tls_ciphers TLSv1

-Steve
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
