I'm trying to set up openldap using TLS on a Red Hat 7.1 server. I've got basic openldap working OK, but whenever I enable TLS it stops working. That is, if I comment out the TLS-related entries in the config file excerpts below, doing a "getent passwd" on the ldap server will show both the passwd entries from /etc/passwd AND those that I have loaded into ldap. However, enabling TLS (by uncommenting the "ssl start_tls" line in /etc/ldap.conf) causes "getent passwd" to list ONLY those entries from /etc/passwd: the ldap entries do not appear (and, to no great surprise, those users listed in the ldap config cannot log in).

Some specifics ...

[root at tux /root]# rpm -qa | grep ldap
openldap-clients-2.0.21-0.7.1
openldap-devel-2.0.21-0.7.1
openldap-servers-2.0.21-0.7.1
php-ldap-4.0.6-14
openldap-2.0.21-0.7.1
nss_ldap-189-1.7

The /etc/nsswitch.conf file says:

passwd: files ldap
shadow: files ldap
group: files ldap

In my /etc/ldap.conf file I've got:

host 127.0.0.1
base dc=jeffclark,dc=net
rootbinddn cn=proxyuser,dc=jeffclark,dc=net
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_check_host_attr yes
pam_member_attribute gid
pam_template_login_attribute uid
pam_password md5
nss_base_passwd ou=People,dc=jeffclark,dc=net?one
nss_base_shadow ou=People,dc=jeffclark,dc=net?one
nss_base_group ou=Group,dc=jeffclark,dc=net?one
ssl start_tls

... and in my /etc/openldap/slapd.conf I've got (among other things):

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/slapd.pem
TLSCertificateKeyFile /etc/openldap/slapd.pem

The /etc/openldap/slapd.pem is a certificate that I generated using the tools provided in /usr/share/ssl/certs.

Does anyone have any idea what I'm missing?

Thanks.

--
Jeff Clark mailto:jeff at jeffclark.net
"Too soon old, too late smart."
http://www.citilink.com/~jclark
------------------------------------------------------------------------------
Microsoft's success proves "You can fool some of the people, all of the time."
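The following is an added example, not part of the original post and not code from OpenLDAP or nss_ldap: a small lint over the two config excerpts above that flags the TLS settings most likely to make nss_ldap silently drop the LDAP entries once "ssl start_tls" is turned on, without asserting which one applies to this server. It assumes the nss_ldap option names tls_checkpeer, tls_cacertfile and tls_cacertdir (from memory of the nss_ldap ldap.conf, so treat the spellings as an assumption), and the sample configs are constructed from the post's excerpts. The checks it encodes are general facts: a certificate issued to a DNS name does not verify against an IP-literal host, a client with no trust anchor cannot verify the server, and SSLv2 is obsolete and should not appear in a cipher list.

```python
"""Lint an nss_ldap-style ldap.conf and an OpenLDAP slapd.conf for the
TLS pitfalls that commonly break NSS lookups once STARTTLS is enabled.

Added example, not from the original post.  Option names tls_checkpeer,
tls_cacertfile and tls_cacertdir are assumed nss_ldap spellings.
"""
import ipaddress

# Constructed from the excerpts in the post (trimmed to the TLS-relevant keys).
LDAP_CONF = """\
host 127.0.0.1
base dc=jeffclark,dc=net
rootbinddn cn=proxyuser,dc=jeffclark,dc=net
ssl start_tls
"""

SLAPD_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/slapd.pem
TLSCertificateKeyFile /etc/openldap/slapd.pem
"""


def parse_conf(text):
    """Parse 'key value' lines. '#' starts a comment, blank lines are
    skipped, keys are lower-cased and a repeated key keeps its last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def is_ip_literal(host):
    """True for '127.0.0.1' or '::1', False for a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_tls(ldap_conf_text, slapd_conf_text):
    """Return a list of (severity, message) findings; empty means clean
    or TLS not requested at all."""
    findings = []
    client = parse_conf(ldap_conf_text)
    server = parse_conf(slapd_conf_text)

    if client.get("ssl", "").lower() != "start_tls":
        return findings  # TLS not requested on the client; nothing to check

    # 1. The client verifies the server cert against the name it connected
    #    to. An IP literal in 'host' will not match a cert issued to a
    #    DNS name, so peer verification fails and the lookup is dropped.
    for host in client.get("host", "").split():
        if is_ip_literal(host):
            findings.append(("error",
                f"host {host} is an IP literal; the server certificate must be "
                f"issued to that exact name or 'host' must be the cert's DNS name"))

    # 2. Without a trust anchor the client cannot verify a self-signed cert
    #    (assumed option names: tls_cacertfile / tls_cacertdir).
    if "tls_cacertfile" not in client and "tls_cacertdir" not in client:
        findings.append(("error",
            "no tls_cacertfile/tls_cacertdir in ldap.conf; the client has no CA "
            "to verify the self-signed slapd.pem against"))

    # 3. Turning verification off makes lookups work but allows an
    #    active attacker to impersonate the directory (assumed option name).
    if client.get("tls_checkpeer", "").lower() == "no":
        findings.append(("warn",
            "tls_checkpeer no disables server verification; use it only to "
            "confirm a cert problem, then re-enable it"))

    # 4. slapd needs both a certificate and a key to offer STARTTLS.
    for key in ("tlscertificatefile", "tlscertificatekeyfile"):
        if key not in server:
            findings.append(("error", f"slapd.conf lacks {key}"))

    # 5. SSLv2 is obsolete and has no place in a cipher list.
    if "sslv2" in server.get("tlsciphersuite", "").lower():
        findings.append(("warn",
            "TLSCipherSuite enables SSLv2; drop '+SSLv2' and keep HIGH:MEDIUM"))

    return findings


if __name__ == "__main__":
    for severity, message in check_tls(LDAP_CONF, SLAPD_CONF):
        print(f"{severity}: {message}")
```

Run it as-is to see the findings for the posted excerpts, or point check_tls at the real /etc/ldap.conf and /etc/openldap/slapd.conf contents. The quickest live confirmation on OpenLDAP 2.x is an ldapsearch with -x -ZZ against the server (the doubled Z makes the STARTTLS negotiation mandatory, so a certificate or hostname problem surfaces as an error instead of a silently empty result).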