deactivate ldap.attrmap [SEC=UNCLASSIFIED]
Sebastian Heil
s3b0 at gmx.de
Fri Feb 1 15:49:27 CET 2008
>
> I have seen the later comments in the thread, but I think the problem is
> that you need to choose whether to use tls or ssl. If you use tls, you
> should connect to port 389 and issue start-tls. If you use ssl you
> connect to 636 and don't do start-tls. Doing both, ie connect to 636 and
> issue start-tls is probably a bad thing.
>
> Another this you could try is to ark up an openldap server on a linux
> box. You can run the server with debugging switched on and see the
> entire certificate negotiation from the servers point of view.
>
> Regards,
> Frankl Ranner
The problem is now fixed. First, i activated the complete debug of the ldap module with "ldap_debug =0xFFFF". (Thanks Novell!)
So, in this debug, i saw, that the cn in the certificate differs from the name of the server. so, i fixed this in my configuration, and everything works fine now.
How can I/we improve the documentation of the ldap module? for example: it should be mentioned, that you need the config "ldap_debug =0xFFFF" for the complete ldap debug... and a few other things like the undocumented config-option "port"... it should be added to the config-file.
what do the others think?
Thanks for all the support! great job!
Sebastian
--
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
More information about the Freeradius-Users
mailing list