[Pdns-users] pdns LDAP + TLS
koen.deboeve
koen.deboeve at tiscali.be
Fri Oct 7 01:16:58 UTC 2005
Hi,

I have a working pdns, using the ldap backend,
but now I'm trying to use TLS.

Running strace -f ./pdns start shows me it loads ldap.conf, .ldaprc
and opens all the correct key material (access to the files is OK),
but still got:

[LdapBackend] Ldap connection to server failed: Couldn't perform STARTTLS

Using the same .ldaprc and keys on the command line with ldapsearch -x -ZZ
works fine.

ldap.conf:
HOST localhost
URI ldap://localhost/
BASE dc=vserver,dc=com
TLS_CACERT /opt/chroot/etc/ssl/certs/cacert.pem
TLS_REQCERT demand

slapd.conf (TLS part):
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /opt/chroot/etc/ssl/certs/cacert.pem
TLSCertificateFile /opt/chroot/etc/ssl/certs/servercrt.pem
TLSCertificateKeyFile /opt/chroot/etc/ssl/certs/serverkey.pem
TLSVerifyClient allow

$HOME/.ldaprc (exported HOME in the pdns init script):
TLS_CERT /opt/chroot/etc/ssl/certs/ldap/clientcrt.pem
TLS_KEY /opt/chroot/etc/ssl/certs/ldap/clientkey.pem

pdns.conf:
ldap-host=127.0.0.1:389
ldap-starttls=yes
ldap-basedn=dc=vserver,dc=com
ldap-binddn=cn=pdns,ou=users,dc=vserver,dc=com
ldap-secret=xxxxxx
ldap-method=simple

Any point in the right direction would be appreciated.