On 2012-03-17 16:31, lynn wrote:
On 17/03/12 15:12, Carlos E. R. wrote:
You may want the certificate for something else other than LDAP server verification. Anyway, you don't need to have a server certificate if this is just a test lan. Get it working without security first. In Yast LDAP Client, don't check the sssd or tls options.
Noted. I think that the certificate I had created previously (years ago) I did because dovecot required it. I think it was dovecot, not sure now. So I'll try again to create it correctly (Thunderbird did complain once about incorrect certificate or something).
As I said, not that easy.
To be able to start again, you need to get rid of the root-ca. It's in either /var/lib/ca-certificates or /var/lib/CAM. Depending on how far you got, there may also be a server certificate under /etc/openldap. Lose that too.
I was thinking on those lines. /var/lib/ca-certificates: ca-bundle.pem, gcj-cacerts, java-cacerts, dated sep 15 2011, so they are not the files. /var/lib/CAM: Two directories named as my phony business name, so this is the place. Ok, deleted all that, created new certificate, but ldap module still refused to continue. The files in /etc/ldap are some dated 2005, some 2011, so they are not of interest.
One thing which really helped us was to draw out the tree of what you are trying to put into the database. Make sure that _every_ node is unique. I mean draw it with pen and paper and blu-tak it to your screen. With LDAP, having an aim is essential, otherwise the learning curve is just too steep. e.g. start with just cn, uid, gid and 'phone number. Armed with that you should be able to pinpoint everyone both personally and over NFS.
Understandable... but I have absolutely no idea of what to put on all those fields. I have been trying since 1998, when I started with Linux, to put up an LDAP server. My initial intention was simply to store mail addresses of my friends, to be able to import them in any mail browser, because it is the only standard all mail clients understand. This time, for NFS usage, I have absolutely no idea what to put. If Yast does it with me clicking "next", fine, otherwise I quit. I have always abandoned. In all these years I have never put up an LDAP server. Compared with Microsoft Windows Active Directory, which is put up in under an hour (mostly waiting for it to finish with me doing nothing), LDAP is terribly difficult. I quit again. This is absurdly difficult.

--
Cheers / Saludos,
Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar)
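Lynn's advice to draw the tree first and make every node unique (and to start with just cn, uid, gid and phone number) can be checked mechanically before anything is loaded into the server. The script below is an added example, not code from the thread or from openSUSE: it parses a small constructed LDIF tree (the suffix "dc=example,dc=test" is a placeholder, and the second user deliberately reuses a uidNumber, which is exactly the collision that breaks NFS ownership) and reports duplicate DNs, entries whose parent is absent, and duplicate uid/uidNumber values. It assumes plain LDIF with no folded lines, no base64 values and no escaped commas in RDNs.

```python
# Added example, not from the thread: constructed sample tree ("dc=example,dc=test" is a
# placeholder); lynn's entry deliberately reuses carlos's uidNumber so the checker has work to do.
SAMPLE_LDIF = """\
dn: dc=example,dc=test

dn: uid=carlos,dc=example,dc=test
cn: Carlos
uid: carlos
uidNumber: 1001
gidNumber: 100
telephoneNumber: +34 600 000 000

dn: uid=lynn,dc=example,dc=test
cn: Lynn
uid: lynn
uidNumber: 1001
gidNumber: 100
"""

def parse_ldif(text):
    """Split simple LDIF (no folded lines, no base64) into dicts of lowercased attr -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_tree(text):
    """Report duplicate DNs, entries whose parent is absent, and duplicate uid/uidNumber values."""
    problems, seen_dn, seen_attr = [], set(), {"uid": {}, "uidnumber": {}}
    entries = parse_ldif(text)
    base = entries[0]["dn"][0].lower()  # the suffix; its parent lies outside this tree
    for e in entries:
        dn = e["dn"][0].lower()
        if dn in seen_dn:
            problems.append(f"duplicate dn: {dn}")
        seen_dn.add(dn)
        parent = dn.partition(",")[2]  # naive split: assumes no escaped commas in RDNs
        if dn != base and parent not in seen_dn:
            problems.append(f"parent missing for {dn}")
        for attr, owners in seen_attr.items():
            for value in e.get(attr, []):
                if value in owners:
                    problems.append(f"duplicate {attr} {value}: {dn} and {owners[value]}")
                owners.setdefault(value, dn)
    return problems
```

Entries must be listed parents first, as an LDIF export does; an empty result means the tree is safe to feed to ldapadd.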