[opensuse] Re: Is ldap TLS working?
lynn wrote:
> 1. What is the correct way of doing this?

This is up to others to answer; I don't use YaST.

> 2. Does this confirm that TLS is working? (all this just for one login?)
> [...]
> Oct 29 15:14:02 hh1 slapd[1798]: conn=1084 fd=34 TLS established tls_ssf=256 ssf=256

Yes, it's working.

And yes, all that for one login. You should do an ls -l on a directory with files owned by many accounts, too.

That's why it's good practice to use nscd with LDAP authentication. And maybe turn down LDAP logging, after one has confirmed that it works.

Joachim

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod    Email: jschrod@acm.org
Roedermark, Germany

-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
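
Added example (not part of the original thread and not OpenLDAP code): the per-connection check that the answer above does by eye, run over slapd log lines to find simple binds that happened without TLS. Only the conn=1084 "TLS established" line comes from the thread; the other log lines, addresses and DNs are constructed in the shape of slapd's stats-level logging, and the min_ssf threshold of 128 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample; only the "TLS established" line for conn=1084 is from the thread.
SAMPLE_LOG = """\
Oct 29 15:14:02 hh1 slapd[1798]: conn=1084 fd=34 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Oct 29 15:14:02 hh1 slapd[1798]: conn=1084 op=0 STARTTLS
Oct 29 15:14:02 hh1 slapd[1798]: conn=1084 fd=34 TLS established tls_ssf=256 ssf=256
Oct 29 15:14:02 hh1 slapd[1798]: conn=1084 op=1 BIND dn="uid=lynn,ou=people,dc=example,dc=com" method=128
Oct 29 15:14:07 hh1 slapd[1798]: conn=1085 fd=35 ACCEPT from IP=192.0.2.11:40022 (IP=0.0.0.0:389)
Oct 29 15:14:07 hh1 slapd[1798]: conn=1085 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Oct 29 15:14:09 hh1 slapd[1798]: conn=1086 fd=36 ACCEPT from IP=192.0.2.12:40100 (IP=0.0.0.0:389)
Oct 29 15:14:09 hh1 slapd[1798]: conn=1086 op=0 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=lynn)"
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (.*)$")
TLS = re.compile(r"TLS established tls_ssf=(\d+) ssf=(\d+)")
BIND = re.compile(r'BIND dn="([^"]*)" method=128')  # method=128 is a simple (password) bind


def audit(log_text, min_ssf=128):
    """Return {conn_id: {'tls_ssf': int, 'cleartext_binds': [dn, ...]}}."""
    conns = defaultdict(lambda: {"tls_ssf": 0, "cleartext_binds": []})
    for line in log_text.splitlines():  # lines are assumed to be in chronological order
        m = CONN.search(line)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        state = conns[conn]
        if (t := TLS.search(rest)):
            state["tls_ssf"] = int(t.group(1))
        elif (b := BIND.search(rest)) and b.group(1) and state["tls_ssf"] < min_ssf:
            # Non-anonymous simple bind seen before adequate TLS on this connection.
            state["cleartext_binds"].append(b.group(1))
    return dict(conns)


def flagged(log_text, min_ssf=128):
    """Connection ids on which a password bind crossed the wire without adequate TLS."""
    return sorted(c for c, s in audit(log_text, min_ssf).items() if s["cleartext_binds"])


if __name__ == "__main__":
    for conn, state in sorted(audit(SAMPLE_LOG).items()):
        print(conn, state)
    print("binds without TLS on conn:", flagged(SAMPLE_LOG))
```

Connection ids restart when slapd restarts, so run this over one slapd run at a time, and do it before turning the log level down.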

On 11/01/2011 03:46 PM, Joachim Schrod wrote:
> lynn wrote:
>> 1. What is the correct way of doing this?
>
> This is up to others to answer; I don't use YaST.

I tried from the command line too using Debian and got as far as a server client authentication. After trying the CA certificate setup and the samba.schema integration after that I gave up :( With YaST, CA certificates, Samba and TLS are only a few clicks away.

>> 2. Does this confirm that TLS is working? (all this just for one login?)
>> [...]
>> Oct 29 15:14:02 hh1 slapd[1798]: conn=1084 fd=34 TLS established tls_ssf=256 ssf=256
>
> Yes, it's working.
>
> And yes, all that for one login. You should do an ls -l on a directory with files owned by many accounts, too.
>
> That's why it's good practice to use nscd with LDAP authentication. And maybe turn down LDAP logging, after one has confirmed that it works.
>
> Joachim

Thanks so much for this confirmation. I've now got the nscd started so I'm sure that that will lower the log messages.

L x

On 01.11.2011 15:46, Joachim Schrod wrote:
> [...]
> That's why it's good practice to use nscd with LDAP authentication. And maybe turn down LDAP logging, after one has confirmed that it works.

Instead of nscd one can use sssd, maybe together with kerberos. This is directly supported by YaST and offers the additional benefit of offline login. So the use of ldap is possible with notebooks and other mobile devices even when they are not connected to your ldap server.

Herbert

participants (3): Herbert Graeber, Joachim Schrod, lynn