
[Bug 1211] Unable to log into lwat using the admin user


------- Additional Comments From pere@hungry.com  2007-07-04 17:59 -------
I got some help and was able to figure out the problem.  There were several
of them.  First of all, the file /etc/ldap/ssl/ldap-server-pubkey.pem did not
contain the content it should.  It was not the certificate usable by the
client to check the connection to the server.  It was something else.  Not
quite sure what it was.  I've rewritten the code generating it to extract
the hopefully correct content from /etc/ldap/ssl/slapd.pam on the server.
Next, the /etc/ldap/ldap.conf file needed a
"tls_cacert etc/ldap/ssl/ldap-server-pubkey.pem" setting to find the
certificate.  Apparently the default is not to look in /etc/ldap/ssl/
for certificates, and using the tls_cacertdir setting did not work.

Finally, I got a tip on how to use the openssl program to extract the server
certificate directly from the LDAP server ssl port, so I rewrote the
code used to fetch the server certificate to not use http, and instead download
the certificate directly.  The file is still available from http, but it is no
longer used.

A fix was just uploaded. I hope it solves the problem for good.  I'll close this
bug as soon as I have been able to test that it still works.

A good way to test if the server connection is working is to run
'ldapwhoami -ZZ -x -h ldap' on the client.  This removes the need for reloading
apache to test the changes.
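The procedure described in the comment above (pull the certificate straight from the LDAP TLS port, point ldap.conf at it, confirm with ldapwhoami -ZZ), as an added shell example that is not code from the bug report or from the LWAT/Debian-Edu scripts. It assumes the server is reachable as "ldap" on the ldaps port 636 and that openssl and ldap-utils are installed; the s_client sample at the end is constructed for offline testing of the parser.

```shell
# Added example; assumes host "ldap", ldaps port 636, openssl + ldap-utils.
# Keep only the first PEM certificate (the server's own) from s_client output.
extract_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ {p=1}
         p {print}
         p && /-----END CERTIFICATE-----/ {exit}'
}
# fetch_server_cert HOST PORT OUTFILE: download the certificate and print its
# subject, issuer and expiry so an operator can confirm it really is slapd's.
fetch_server_cert() {
    host=$1; port=$2; out=$3
    openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null |
        extract_first_cert >"$out"
    if ! [ -s "$out" ]; then
        echo "no certificate received from $host:$port" >&2
        return 1
    fi
    openssl x509 -in "$out" -noout -subject -issuer -enddate
}
# check_ldap_conf [FILE]: TLS_CACERT must be an absolute path to a readable
# file; a relative one is resolved against the process cwd and fails quietly.
check_ldap_conf() {
    conf=${1:-/etc/ldap/ldap.conf}
    path=$(awk 'tolower($1)=="tls_cacert" {print $2; exit}' "$conf")
    case "$path" in
        /*) [ -r "$path" ] && return 0 ;;
    esac
    echo "TLS_CACERT missing, relative or unreadable in $conf: '$path'" >&2
    return 1
}
# The check the report recommends: -ZZ makes STARTTLS mandatory, so a bad CA
# file fails here instead of inside apache/lwat.
verify_connection() {
    ldapwhoami -ZZ -x -h "${1:-ldap}"
}
# Constructed sample of s_client output, for offline checking of the parser.
SAMPLE_S_CLIENT='Certificate chain
 0 s:CN = ldap
   i:CN = ldap
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFLCBOT1QgQSBSRUFMIENFUlRJRklDQVRF
-----END CERTIFICATE-----
'
```

Typical use: `fetch_server_cert ldap 636 /etc/ldap/ssl/ldap-server-pubkey.pem && check_ldap_conf && verify_connection ldap`.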
