[KLUG Members] Upgrade to RH 7.2

[Dirk H Bartley]

Adam Williams wrote:
> 
> >After having the BSWare cd's for more than a week, I finally gave it a try.  I
> >am however having one problem though.  I can't seem to get nss_ldap or gq to
> >perform a TLS bind.  Is there anyone out there who has already solved this
> >issue?
> 
> I haven't upgraded to RH7.2 on any box so everything that follows is a
> guess,  and I'm assuming you had TLS working before.
> 
> >When I try to log in with an ldap based password, the system logs tell me
> >"pam_ldap: ldap_startls_s: Connect error.
> 
> Is slapd listening on both 389 and 636?

To my suprise, slapd is listening on port 636.

> 
> Have you verified that your certificates are still OK?  You did upgrade
> openssl in the process of upgrading RH7.2 (I assume).  Possibly they
> moved a directory or changed some file permissions.  They love to create
> new uids that services run as between versions; leaving previous configs
> not working because the server process no longer has rights to read the
> files.
> 
> >When I use gq to browse or search a TLS ldap server, I get a dialog
> >box with a bomb illustration stating: "Couldn't enable TLS on the LDAP
> >connection: Can't contact LDAP server"
> 
> But you can connect "cleartext"?
> 
Yes, I can connect clear text if I use authconfig and turn off TLS on the RH7.2
client.  Just to clarify, I only updated a client machine.

Thanks for the help.  I'll look more tomorrow.

Dirk