[UniMacTech] leopard RFC 2307 authentication issue ?
Nigel Kersten
nigel at explanatorygap.net
Wed Nov 14 03:39:16 EST 2007
On Nov 12, 2007, at 4:12 PM, Kemal Demis wrote:
> Thanks for the tip http://discussions.apple.com/thread.jspa?messageID=5799888
> worked for me.
> I edited the edited the TLS_REQCERT /etc/openldap/ldap.conf and set
> it to TLS_REQCERT = never
> By default in Leopard, this is set to 'demand' (which is the
> openldap default), but in Tiger, it's set to 'never'.
> I then rebooted the machine, and now it LDAP and E-Directory
> authentication works in Leopard.
So I would suggest running something like:
openssl s_client -showcerts -connect your.ldap.server:636
and check whether openssl complains.
If you copy/paste the certs from this output and trust them in the
System keychain and it still doesn't work... file a bug report, and
file impact data along with the bug report
I'm seeing bugs with certain root authorities that the OS should trust
but doesn't wrt DirectoryServices.
This isn't ideal having to switch Leopard clients to a more insecure
mode, and we should get Apple to fix it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://auc.uow.edu.au/pipermail/unimactech/attachments/20071113/27948534/attachment.html
More information about the unimactech
mailing list