[KLUG Members] Upgrade to RH 7.2
Dirk H Bartley
members@kalamazoolinux.org
Sun, 11 Nov 2001 23:25:09 -0500
Adam Williams wrote:
>
> >After having the BSWare cd's for more than a week, I finally gave it a try. I
> >am however having one problem though. I can't seem to get nss_ldap or gq to
> >perform a TLS bind. Is there anyone out there who has already solved this
> >issue?
>
> I haven't upgraded to RH7.2 on any box so everything that follows is a
> guess, and I'm assuming you had TLS working before.
>
> >When I try to log in with an ldap based password, the system logs tell me
> >"pam_ldap: ldap_startls_s: Connect error.
>
> Is slapd listening on both 389 and 636?
To my suprise, slapd is listening on port 636.
>
> Have you verified that your certificates are still OK? You did upgrade
> openssl in the process of upgrading RH7.2 (I assume). Possibly they
> moved a directory or changed some file permissions. They love to create
> new uids that services run as between versions; leaving previous configs
> not working because the server process no longer has rights to read the
> files.
>
> >When I use gq to browse or search a TLS ldap server, I get a dialog
> >box with a bomb illustration stating: "Couldn't enable TLS on the LDAP
> >connection: Can't contact LDAP server"
>
> But you can connect "cleartext"?
>
Yes, I can connect clear text if I use authconfig and turn off TLS on the RH7.2
client. Just to clarify, I only updated a client machine.
Thanks for the help. I'll look more tomorrow.
Dirk