[UniMacTech] leopard RFC 2307 authentication issue ?
Peter Varitimidis
Peter.Varitimidis at rmit.edu.au
Wed Nov 14 16:32:47 EST 2007
On 14/11/2007, at 3:39 AM, Nigel Kersten wrote:
>
> On Nov 12, 2007, at 4:12 PM, Kemal Demis wrote:
>
>> Thanks for the tip http://discussions.apple.com/thread.jspa?messageID=5799888
>> worked for me.
>> I edited the TLS_REQCERT in /etc/openldap/ldap.conf and
>> set it to TLS_REQCERT = never
>> By default in Leopard, this is set to 'demand' (which is the
>> openldap default), but in Tiger, it's set to 'never'.
>> I then rebooted the machine, and now LDAP and E-Directory
>> authentication works in Leopard.
>
> So I would suggest running something like:
>
> openssl s_client -showcerts -connect your.ldap.server:636
>
> and check whether openssl complains.
>
> If you copy/paste the certs from this output and trust them in the
> System keychain and it still doesn't work... file a bug report, and
> file impact data along with the bug report
>
> I'm seeing bugs with certain root authorities that the OS should
> trust but doesn't wrt DirectoryServices.
>
> This isn't ideal having to switch Leopard clients to a more
> insecure mode, and we should get Apple to fix it.
>
I am able to replicate this on eDir 8.739 Netware 6.5 sp6
10.5 clients can now bind over SSL, and the ldap.conf file set to
TLS_REQCERT = demand
The certificates in Keychain are not respected.
Peter Varitimidis
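
The thread turns on which TLS_REQCERT level a client's ldap.conf ends up with. The following is an added example, not part of the original messages: a shell audit that reports the effective level in an ldap.conf-style file and flags anything weaker than `demand`. The function names `reqcert_level` and `reqcert_audit` are hypothetical, the sample file is constructed, and "last occurrence wins" is an assumption about how repeated options are applied.

```shell
# Added example: audit the TLS_REQCERT level in an ldap.conf-style file.
# Level meanings follow ldap.conf(5); an unset option means the default, demand.

reqcert_level() {
    # $1 = path to an ldap.conf-style file; prints the effective level.
    awk '
        $1 ~ /^#/ { next }                   # skip comment lines
        toupper($1) == "TLS_REQCERT" {       # option names are case-insensitive
            v = ($2 == "=") ? $3 : $2        # tolerate "= value" as written in the thread,
            sub(/^=/, "", v)                 # so that such lines are still flagged
            level = tolower(v)               # assumption: the last occurrence wins
        }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

reqcert_audit() {
    # Prints a verdict; returns 0 only when a bad or missing certificate ends the session.
    level=$(reqcert_level "$1")
    case "$level" in
        demand|hard) echo "OK: $level (bad or missing server certificate ends the session)"; return 0 ;;
        try)   echo "WEAK: try (session proceeds if no certificate is provided)"; return 1 ;;
        allow) echo "WEAK: allow (session proceeds even with a bad certificate)"; return 1 ;;
        never) echo "WEAK: never (server certificate is not requested or checked)"; return 1 ;;
        *)     echo "UNKNOWN: $level"; return 1 ;;
    esac
}

# Constructed sample: a default entry followed by a later override.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'TLS_REQCERT demand' 'tls_reqcert = never' > "$sample"
reqcert_audit "$sample" || true
rm -f "$sample"
```

Run against /etc/openldap/ldap.conf on each client, this shows which machines were switched to `never` as a workaround and need to go back to `demand` once the certificate trust problem is resolved.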