[Bug 1198282] New: yast2 users module does not connect to 389-ds server...
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 Bug ID: 1198282 Summary: yast2 users module does not connect to 389-ds server... Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: jshand2013@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- i have run into a problem where i user yast2 directory server module to set up a ldaps server with TLS with my own certificates. the problem is when you go to use yast2 users module under Users/Groups Set Filter to LDAP users or ldap groups, you are unable to connect to the 389-ds with the username and password you set in LDAP and Kerberos module -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 http://bugzilla.opensuse.org/show_bug.cgi?id=1198282#c1 --- Comment #1 from John Shand <jshand2013@gmail.com> --- Created attachment 858004 --> http://bugzilla.opensuse.org/attachment.cgi?id=858004&action=edit after yast2 directory server installation module -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 http://bugzilla.opensuse.org/show_bug.cgi?id=1198282#c2 --- Comment #2 from John Shand <jshand2013@gmail.com> --- the directory was setup by that module without any problems. however, i had to use certutil to reinstall my own certificate ca, server cert p12 file. that all started without problems my certificates are set up correctly: openssl s_client -connect www.nc.com:636 CONNECTED(00000003) depth=1 C = NZ, O = Global Certificates Ltd., CN = globalcertsca verify return:1 depth=0 C = NZ, O = Global Certificates Ltd., CN = www.nc.com verify return:1 --- Certificate chain 0 s:C = NZ, O = Global Certificates Ltd., CN = www.nc.com i:C = NZ, O = Global Certificates Ltd., CN = globalcertsca 1 s:C = NZ, O = Global Certificates Ltd., CN = globalcertsca i:C = NZ, O = Global Certificates Ltd., CN = globalcertsca --- Server certificate -----BEGIN CERTIFICATE----- MIIC0DCCAjKgAwIBAgIIYhTylJZcqiEwCgYIKoZIzj0EAwQwSDELMAkGA1UEBhMC TloxITAfBgNVBAoTGEdsb2JhbCBDZXJ0aWZpY2F0ZXMgTHRkLjEWMBQGA1UEAxMN Z2xvYmFsY2VydHNjYTAgFw0yMjA0MTAwNTM3MDBaGA8yMDYyMDQxMDA1MzcwMFow RTELMAkGA1UEBhMCTloxITAfBgNVBAoTGEdsb2JhbCBDZXJ0aWZpY2F0ZXMgTHRk LjETMBEGA1UEAxMKd3d3Lm5jLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAE AB++mM0Cr+oVGYNS9YaXmJY2ZajXKt8kSt+ty5uLV3WrStcbFhWHOME0G4KijYRO LtyTg8gl1wLoFFhmqGIEZyzqAbkh3e9XqdoEYNPvciRakWKgQ4lnule9+OMgBxwo 9ddfnAwk/pRBKbRBqwKc8ouxhglbS55k+gBhteqOfl2ShAcbo4HDMIHAMAwGA1Ud EwEB/wQCMAAwHQYDVR0OBBYEFFoCFqObkZH0GsjD0q7XJ4FNlTGJMB8GA1UdIwQY MBaAFLrIsG+n6Vtl++4AB+BqJaXCGx9uMAsGA1UdDwQEAwID+DATBgNVHSUEDDAK BggrBgEFBQcDATAbBgNVHREEFDASggp3d3cubmMuY29thwTAqDkCMBEGCWCGSAGG +EIBAQQEAwIGQDAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMAoGCCqG SM49BAMEA4GLADCBhwJCAek/1qOSzq5bMcrgS9sc0/4f4lcJjqgjn7xftvRH4Vso nKxeufHwF92TA62yGG34O8JcU5IQLM0tqYuUWK1XNjVvAkFmumOD6TYKZY+j/Lrj axUl8OhzyZH3cbi1FLjhtDfMIeH0Qe0mWRuNx6U7IKJILj57bn8JB42KtIqwnaQ4 eaMvXA== -----END CERTIFICATE----- subject=C = NZ, O = Global Certificates Ltd., CN = www.nc.com issuer=C = NZ, O = Global Certificates Ltd., CN = globalcertsca --- Acceptable client certificate CA names C = NZ, O = Global Certificates Ltd., CN = globalcertsca Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ECDSA+SHA1:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:RSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Peer signing digest: SHA512 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 1897 bytes and written 414 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 521 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 http://bugzilla.opensuse.org/show_bug.cgi?id=1198282#c3 --- Comment #3 from John Shand <jshand2013@gmail.com> --- Created attachment 858007 --> http://bugzilla.opensuse.org/attachment.cgi?id=858007&action=edit y2log after using ldap and kerberos module -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 http://bugzilla.opensuse.org/show_bug.cgi?id=1198282#c4 --- Comment #4 from John Shand <jshand2013@gmail.com> --- Created attachment 858008 --> http://bugzilla.opensuse.org/attachment.cgi?id=858008&action=edit yast2 installation logs -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 http://bugzilla.opensuse.org/show_bug.cgi?id=1198282#c5 --- Comment #5 from John Shand <jshand2013@gmail.com> --- Created attachment 858009 --> http://bugzilla.opensuse.org/attachment.cgi?id=858009&action=edit journalctl -a logs -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198282 http://bugzilla.opensuse.org/show_bug.cgi?id=1198282#c6 --- Comment #6 from John Shand <jshand2013@gmail.com> --- Created attachment 858010 --> http://bugzilla.opensuse.org/attachment.cgi?id=858010&action=edit systemctl -a logs -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com