http://bugzilla.novell.com/show_bug.cgi?id=623752 http://bugzilla.novell.com/show_bug.cgi?id=623752#c0 Summary: yast ldap module doesn't setup ldaps correctly Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: 64bit OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: alston@utdallas.edu QAContact: jsrain@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.10) Gecko/20100506 SUSE/3.5.10-0.1.1 Firefox/3.5.10 I used almost identical settings for the "yast2 ldap" module in 11.3 as I did in 11.2 but it /var/log/messages kept complaining that it couldn't connect to the LDAP server until I manually copied the /etc/ldap.conf file the "yast2 ldap" module from 11.2 made onto the 11.3 box. Reproducible: Always Steps to Reproduce: 1. yast2 ldap 2. set LDAP server host 3. set LDAP base DN correctly 4. select "LDAP TLS/SSL" checkbox 5. select "ok" 6. getent passwd <ldap-login-id> Actual Results: -snip from /var/log/messages- Jul 19 18:06:04 linux-cotw worker_nscd: nss_ldap: ldap_start_tls failed: Can't contact LDAP server Jul 19 18:06:04 linux-cotw worker_nscd: nss_ldap: ldap_start_tls failed: Can't contact LDAP server Jul 19 18:06:04 linux-cotw worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable -snip- Expected Results: "getent passwd <ldap-login-id>" should show the passwd string for the specified <ldap-login-id>. * when I ran a tcpdump after I used the yast2 ldap module to setup LDAPS authentication I noticed that nscd was trying to use the default ldap port (389) instead of the ldaps port (636) * a comparison of the /etc/ldap.conf files generated by the yast2 ldap module between YaST in 11.2 and 11.3 shows that the following value is missing in the config generated by 11.3's YaST tls_checkpear = no -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.