I use something like this in my 11.1 config file for my LDAP clients:
<ldap>
ou=ldapconfig,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
cn=admin,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
false
false
dc=ks,dc=mydomain,dc=uni-kiel,dc=de
XXX.XXX.XXX.XXX
true
false
true
member
ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
crypt
true
true
</ldap>
/etc/ldap.conf is auto-generated:
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ldap_version 3
pam_filter objectClass=posixAccount
nss_base_passwd ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
nss_base_shadow ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
nss_base_group ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
tls_checkpeer no
#ssl on
Two questions:
1. Why is tls_checkpeer set to "no" or set at all? I want to have it
either enabled or not set at all so that the configuration in
/etc/openldap/ldap.conf is used as default.
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled
correctly? I think it should be spelled objectclass with a small c.
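Added example, not part of the original post: a small Python audit of a generated /etc/ldap.conf that flags `tls_checkpeer no` alongside `ssl start_tls`, a combination that encrypts the connection without verifying the server certificate. The sample text is constructed from the lines quoted in the post; the function names and finding labels are hypothetical.

```python
# Added example (not from the original post): audit a PADL-style
# /etc/ldap.conf for the TLS settings discussed above.
# SAMPLE is constructed from the lines quoted in the post.
SAMPLE = """\
# OpenLDAP SSL mechanism
ssl start_tls
ldap_version 3
pam_filter objectClass=posixAccount
tls_checkpeer no
#ssl on
"""


def parse_ldap_conf(text):
    """Map each keyword (lowercased) to the list of values it is given."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        parts = line.split(None, 1)           # keyword, then rest of line
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def audit(text):
    """Return finding labels (hypothetical names) for the config text."""
    opts = parse_ldap_conf(text)
    ssl = [v.lower() for v in opts.get("ssl", [])]
    peer = [v.lower() for v in opts.get("tls_checkpeer", [])]
    tls_on = any(v in ("start_tls", "on") for v in ssl)
    findings = []
    if not tls_on:
        findings.append("TLS_DISABLED")          # no TLS requested in this file
    if "no" in peer:
        findings.append("PEER_CHECK_OFF")        # server certificate not verified
    elif tls_on and not peer:
        findings.append("PEER_CHECK_INHERITED")  # decided outside this file
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any occurrence of `tls_checkpeer no` is reported, so the result does not depend on which duplicate line the client library would honour.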