Larry Ludwig wrote:
> Hmm in my openldap ldap.conf file I defined the base dn, I don't
> remember if that was done for any specific reason.
>

I have the base dn defined in both ldap.conf files (/etc/ldap.conf and /etc/openldap/ldap.conf are listed below). ldapsearch -x works from the command line on this system. One oddity about that is that ldapsearch -x uses ldaps:// so talks encrypted on port 636 not plain text on port 389 - this is correct as far as I am concerned, I don't want plain text communication. Puppet talks plain text on port 389 though.

> What version of Puppetmaster are you using on what platform, with what
> LDAP?
>

[r...@myhost]# rpm -q puppet-server
puppet-server-0.24.7-4.el5

[r...@myhost]# cat /etc/redhat-release
CentOS release 5.2 (Final)

[r...@myhost]# rpm -q openldap-servers
openldap-servers-2.3.27-8.el5_2.4

[r...@myhost]# grep -v "^#" /etc/ldap.conf | grep -v "^$"
base dc=myorg,dc=org
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldaps://ldap.myorg.company.com/
ssl on
tls_cacertdir /etc/openldap/cacerts
pam_password crypt

[r...@myhost]# cat /etc/openldap/ldap.conf
URI ldaps://ldap.myorg.company.com/
BASE dc=myorg,dc=org
TLS_CACERTDIR /etc/openldap/cacerts

[r...@myhost]# ruby -rldap -e 'puts :installed'
installed

[r...@myhost]# ruby -rpuppet -e 'p Puppet.features.ldap?'
true

Much experimentation later... fixed, I had to specify the ldapxxx = parameters in the [puppetd] stanza of /etc/puppet/puppet.conf to make it work. e.g.

[puppetd]
ldapserver=ldap.myorg.company.com
ldapbase=dc=myorg,dc=org
ldapuser=cn=admin,dc=myorg,dc=org
ldappassword=mysecret

--
Trevor Hemsley
Infrastructure Engineer
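Added example, not part of the original message and not Puppet project code: a small Ruby check that reads a puppet.conf and reports LDAP settings that would send the bind DN and password unencrypted, which is the port 389 behaviour described in the message. It assumes the Puppet settings ldapssl, ldaptls and ldapport (not shown in the message; confirm them in the configuration reference for your Puppet version), and the cn=puppet-ro,ou=services account is a hypothetical name.

```ruby
TRUTHY = %w[true yes 1].freeze

# Minimal INI reader: { "section" => { "key" => "value" } }.
def parse_puppet_conf(text)
  conf = {}
  section = "main"
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    if line =~ /\A\[(.+)\]\z/
      section = $1.strip
    elsif line =~ /\A([^=\s]+)\s*=\s*(.*)\z/
      (conf[section] ||= {})[$1] = $2
    end
  end
  conf
end

# Returns one finding string per LDAP weakness, per section.
def audit_ldap(conf)
  findings = []
  conf.each do |section, own|
    s = conf.fetch("main", {}).merge(own) # [main] values apply everywhere
    next unless s.key?("ldapserver") || s.key?("ldappassword")
    encrypted = %w[ldapssl ldaptls].any? { |k| TRUTHY.include?(s[k].to_s.downcase) }
    unless encrypted
      what = s.key?("ldappassword") ? "bind DN and password" : "node lookups"
      findings << "[#{section}] #{what} sent unencrypted " \
                  "(#{s['ldapserver']}:#{s.fetch('ldapport', '389')})"
    end
    if s["ldapuser"].to_s =~ /\Acn=(admin|manager|root),/i
      findings << "[#{section}] ldapuser is an administrative DN; use a read-only account"
    end
  end
  findings
end

# Constructed samples: the posted stanza, then a tightened variant (hypothetical DN).
AS_POSTED = <<~CONF
  [puppetd]
  ldapserver=ldap.myorg.company.com
  ldapbase=dc=myorg,dc=org
  ldapuser=cn=admin,dc=myorg,dc=org
  ldappassword=mysecret
CONF
TIGHTENED = AS_POSTED.sub("cn=admin,", "cn=puppet-ro,ou=services,") +
            "ldapssl=true\nldapport=636\n"
[AS_POSTED, TIGHTENED].each { |c| puts audit_ldap(parse_puppet_conf(c)) }
```

Run against the stanza as posted it reports two findings (unencrypted bind on port 389, administrative bind DN); the tightened variant reports none.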