On Fri, Oct 07, 2005 at 06:47:59PM -0400, SR, ESC wrote: > Le ven 2005-10-07 a 18:34:47 -0400, Simon Law <[EMAIL PROTECTED]> a dit: > > > > I'm completely confused by this behaviour. I cannot reproduce this > > because for me, SSL does work. I don't think this is finger-ldap any > > more. > > > > Does 'ldaps://pylong.kisikew.org' work instead? > > does for everything else. both hosts resolve to a single IP, the certs > are freshly done (the first was done up not so long ago, and the > second was re-done [had expired]), the CNs match, and i've been > operating like this for a while. have heimdal kerberos working, etc.
Hmm... I'm puzzled, really I am. It would be nice if I could get a login on a machine of yours with Perl and strace on it, because I can't really reproduce it here. I'm very sorry about this! > > Also, is your libnet-ldap-perl setup correctly? Do you have an > > /usr/hsare/perl5/Net/LDAPS.pm? > > AFAIK, lemme check. > -rw-r--r-- 1 root root 1.9K 2005-04-25 18:54 /usr/share/perl5/Net/LDAPS.pm Man, that's too bizarre. Like, Net::LDAP::new _knows_ how to get https:// and use SSL. If you fire up the Perl debugger, does it at least try to use SSL? > indeed i do (with typo correction *grin*) > > oh, with the -m switch, it worked perfectly. > > ./finger-ldap -m simon [it's the v 1.17 checkout]. i don't see any > ldap lookups going on, lemme check the other DS's log... none there, > but it is working. The -m switch is designed to pass things directly to finger.real, without doing any queries. -- Simon Law http://www.law.yi.org/~sfllaw/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
