
Re: Using certificate per host to secure communication to OpenLDAP

by lambam80


Hello. I am also trying to bind from the O/S to LDAP using:

cat /etc/ldap.conf | grep -v "#" | sort

base dc=b,dc=c
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm,polkituser
pam_password md5
# # guess, to be tried later: sasl_mech=external
ssl start_tls
timelimit 120
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/authconfig_downloaded.pem
tls_cert /root/tools/tomate/X9999990_2.pem
tls_key /root/tools/tomate/X9999990.key
uri ldap://a.b.c/


Firstly, I see a related post which is well worth reading:

http://www.nabble.com/Using-tls_cert-key-without-rootbinddn-td9089498.html

< and pointing me in the direction of SASL/EXTERNAL.
> I also misunderstood! Can you please elaborate on the use of SASL/EXTERNAL?

I inquired: For example, what options did you use in /etc/ldap.conf to enable SASL/EXTERNAL?

Iain replied: Due to other constraints, SASL/EXTERNAL was not pursued.

Q1. Can anyone else answer this question?

Q2. My *.key file has no password.

For the record, I reckon I need the '-nodes' option if I don't want a
key file password:

# -nodes ("no DES") writes the private key unencrypted; the flag is lowercase
openssl req -newkey rsa:1024 -keyout ${FN}.key -out ${FN}.csr -days 7300 -nodes <<EOF
...
EOF

Q3. How might I specify the keyfile password in /etc/ldap.conf?

Cdlt, Dave
---------
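An added check, not part of Dave's post or of nss_ldap itself: before pointing tls_cert and tls_key at a pair, this POSIX shell script confirms that the key carries no passphrase (the client loads it without any prompt), that the certificate and key belong together, and that the certificate is not about to expire. It assumes openssl is on PATH; the self-signed fixture it generates is constructed for the demonstration.

```shell
#!/bin/sh
# Pre-flight checks for a tls_cert/tls_key pair referenced from /etc/ldap.conf.
# Assumption: openssl is installed. Exit status 0 means the check passed.

# key_is_unencrypted KEY: PEM keys with a passphrase carry "ENCRYPTED" in their
# header (traditional "Proc-Type: 4,ENCRYPTED" or PKCS#8 "ENCRYPTED PRIVATE KEY").
key_is_unencrypted() {
    ! grep -q 'ENCRYPTED' "$1"
}

# cert_matches_key CERT KEY: compare the SubjectPublicKeyInfo extracted from
# the certificate with the public half derived from the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_not_expired CERT: fail if the certificate expires within the next day.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1
}

# check_ldap_client_pair CERT KEY: run all checks, report each, fail if any fails.
check_ldap_client_pair() {
    rc=0
    key_is_unencrypted "$2" && echo "ok: key has no passphrase" \
        || { echo "FAIL: key is encrypted; tls_key must be unencrypted"; rc=1; }
    cert_matches_key "$1" "$2" && echo "ok: cert and key match" \
        || { echo "FAIL: certificate public key does not match the private key"; rc=1; }
    cert_not_expired "$1" && echo "ok: cert valid for at least one more day" \
        || { echo "FAIL: certificate expired or expiring within 24h"; rc=1; }
    return $rc
}

# make_test_pair DIR: constructed fixture, a self-signed cert with an
# unencrypted key (-nodes), as the thread's openssl command intends.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=host.example.test" \
        -keyout "$1/host.key" -out "$1/host.pem" >/dev/null 2>&1
}
```

Run it as `check_ldap_client_pair /path/to/host.pem /path/to/host.key` against the files named in tls_cert and tls_key; a FAIL on the passphrase check is the usual reason the client silently falls back to an unauthenticated bind.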
