Hi,
Given : SLES 11 SP1
LDAP Server
- Auth via SSL is not working, and the start_TLS command is not working either.
The funny thing: if the server is created via yast / network services / LDAP server, everything works fine.
Could somebody share a working XML file for an LDAP server?
Tia
Hajo
P.S
My LDAP server XML file looks like this (created via yast autoinstallation; schema entries have been changed):
$ cat ldap_server.xml
<?xml version="1.0"?>
<!DOCTYPE profile>
<!-- AutoYaST profile; the only module section visible in this listing is ldap-server. -->
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
<!-- NOTE(review): the bare text "false" on the next line sits directly under the root with no
     enclosing element. It looks like the remains of an element whose tags were lost (possibly when
     the mail was rendered); confirm against the original file before reusing this profile. -->
false
<ldap-server>
<!-- Daemon settings: which listeners are opened and whether the service is enabled. -->
<daemon>
<!-- Three listeners are requested: ldap (the listener StartTLS is negotiated on), ldapi (local
     IPC socket) and ldaps (TLS from the first byte). StartTLS and ldaps both depend on the
     tlsconfig section under globals being complete.
     NOTE(review): nothing visible in this profile forces clients on the plain ldap listener to
     use StartTLS before binding, so simple binds there could cross the network unencrypted;
     confirm whether that is intended. -->
<listeners config:type="list">
<listentry>ldap</listentry>
<listentry>ldapi</listentry>
<listentry>ldaps</listentry>
</listeners>
<serviceEnabled config:type="boolean">true</serviceEnabled>
<!-- Presumably controls SLP registration of the service; disabled here. -->
<slp config:type="boolean">false</slp>
</daemon>
<!-- One database definition: a bdb backend stored in /var/lib/ldap serving the suffix
     dc=tce,dc=eumetsat,dc=int, with four access rules and a set of attribute indexes. -->
<databases config:type="list">
<listentry>
<!-- Access rules. Presumably these map onto slapd access directives in the order listed, so
     the first rule whose target matches decides; the catch-all rule must therefore stay last.
     In every rule the type "*" also covers anonymous clients. -->
<access config:type="list">
<!-- Rule 1, userPassword: the entry owner may write it; everyone else may only use it to
     authenticate (level auth), which keeps the stored hash from being read back. -->
<listentry>
<access config:type="list">
<listentry>
<control></control>
<level>write</level>
<type>self</type>
<value></value>
</listentry>
<listentry>
<control></control>
<level>auth</level>
<type>*</type>
<value></value>
</listentry>
</access>
<target>
<attrs>userPassword</attrs>
</target>
</listentry>
<!-- Rule 2, shadowLastChange: writable by the entry owner, readable by everyone. -->
<listentry>
<access config:type="list">
<listentry>
<control></control>
<level>write</level>
<type>self</type>
<value></value>
</listentry>
<listentry>
<control></control>
<level>read</level>
<type>*</type>
<value></value>
</listentry>
</access>
<target>
<attrs>shadowLastChange</attrs>
</target>
</listentry>
<!-- Rule 3, userPKCS12: readable only by the entry owner; all other clients get level none. -->
<listentry>
<access config:type="list">
<listentry>
<control></control>
<level>read</level>
<type>self</type>
<value></value>
</listentry>
<listentry>
<control></control>
<level>none</level>
<type>*</type>
<value></value>
</listentry>
</access>
<target>
<attrs>userPKCS12</attrs>
</target>
</listentry>
<!-- Rule 4, catch-all (empty target): read access for everyone to everything not matched
     above. NOTE(review): this includes anonymous read of the whole tree; confirm that is
     acceptable for the data held in this directory. -->
<listentry>
<access config:type="list">
<listentry>
<control></control>
<level>read</level>
<type>*</type>
<value></value>
</listentry>
</access>
<target/>
</listentry>
</access>
<!-- Presumably the bdb checkpoint pair (kbytes written, minutes elapsed); TODO confirm. -->
<checkpoint config:type="list">
<listentry>1024</listentry>
<listentry>5</listentry>
</checkpoint>
<directory>/var/lib/ldap</directory>
<entrycache>10000</entrycache>
<idlcache>30000</idlcache>
<!-- Attribute indexes: eq and sub set to 1 presumably enable equality and substring indexing
     for the named attribute. -->
<indexes>
<cn>
<eq>1</eq>
<sub>1</sub>
</cn>
<displayName>
<eq>1</eq>
<sub>1</sub>
</displayName>
<gidNumber>
<eq>1</eq>
</gidNumber>
<givenName>
<eq>1</eq>
<sub>1</sub>
</givenName>
<mail>
<eq>1</eq>
</mail>
<member>
<eq>1</eq>
</member>
<memberUid>
<eq>1</eq>
</memberUid>
<objectclass>
<eq>1</eq>
</objectclass>
<sn>
<eq>1</eq>
<sub>1</sub>
</sn>
<uid>
<eq>1</eq>
<sub>1</sub>
</uid>
<uidNumber>
<eq>1</eq>
</uidNumber>
</indexes>
<!-- NOTE(review): the rootdn (cn=Administrator,dc=int) is not located under the suffix
     configured below (dc=tce,dc=eumetsat,dc=int). This may be a side effect of the values
     having been edited for posting; confirm the real profile uses a rootdn inside the suffix. -->
<rootdn>cn=Administrator,dc=int</rootdn>
<!-- NOTE(review): rootpw is empty, presumably redacted for the mailing list. A profile that
     carries the real value is a credential-bearing file and should be stored and served with
     restricted access. -->
<rootpw></rootpw>
<suffix>dc=tce,dc=eumetsat,dc=int</suffix>
<type>bdb</type>
</listentry>
</databases>
<!-- Global server options: allow/disallow feature lists (both empty), log level and the TLS
     material used by the ldaps listener and by StartTLS. -->
<globals>
<allow config:type="list"/>
<disallow config:type="list"/>
<loglevel config:type="list">
<listentry>none</listentry>
</loglevel>
<tlsconfig>
<caCertFile>/etc/openldap/CAcert.pem</caCertFile>
<certFile>/etc/openldap/ldap.cer</certFile>
<certKeyFile>/etc/openldap/ldap.key</certKeyFile>
<caCertDir></caCertDir>
<!-- NOTE(review): certKeyFile appears a second time here, empty, after the populated element
     above. If the importer keeps the last value seen for a repeated key, the server is left
     without a private key path, which would match the reported failure of both SSL and
     StartTLS. Confirm by removing this empty element, and check that the key file exists on the
     installed system and is readable only by the account slapd runs as. -->
<certKeyFile></certKeyFile>
<!-- Presumably 0 means certificate revocation lists are not checked; TODO confirm. -->
<crlCheck>0</crlCheck>
<!-- Presumably 0 means client certificates are not requested, so clients authenticate by bind
     credentials only; TODO confirm. -->
<verifyClient>0</verifyClient>
</tlsconfig>
</globals>
<!-- Schema files to load: core, cosine and inetorgperson as LDIF, nis as a .schema file.
     The poster states the schema entries were changed by hand from the generated profile. -->
<schema config:type="list">
<listentry>
<includeldif>/etc/openldap/schema/core.ldif</includeldif>
</listentry>
<listentry>
<includeldif>/etc/openldap/schema/cosine.ldif</includeldif>
</listentry>
<listentry>
<includeldif>/etc/openldap/schema/inetorgperson.ldif</includeldif>
</listentry>
<listentry>
<!-- rfc2307bis is commented out and nis.schema is loaded in its place. -->
<!-- <includeschema>/etc/openldap/schema/rfc2307bis.schema</includeschema> -->
<includeschema>/etc/openldap/schema/nis.schema</includeschema>
</listentry>
<!-- NOTE(review): with its only child commented out, the next list entry is empty. An empty
     entry may still be imported as a schema item with no file; confirm it is harmless or drop
     the whole entry. -->
<listentry>
<!-- <includeschema>/etc/openldap/schema/yast.schema</includeschema> -->
</listentry>
</schema>
</ldap-server>
</profile>