<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Times New Roman; font-size: 12pt; color: #000000'>A couple thoughts, disqualified by the fact that I'm nobody's LDAP expert.<br> - well-defined schema mods can be applied to AD<span> by a Schema Administrator<br> - FreeIPA is also a consistent, dependable LDAP implementation, and takes schema mods<br> - It's almost certainly a security setting or a broken trust.<br><br><span name="x"></span>--<br>David L. Willson<br>Trainer, Engineer, Enthusiast<br>RHCE Network+ A+ Linux+ LPIC-1 Ubuntu<br>Mobile 720-333-LANS(5267)<br><br>This is a good time for a r3VOLution.<span name="x"></span><br></span><br><hr id="zwchr"><blockquote style="border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div dir="ltr">Anyone interested in discussing the rough edges of ldap? <br><br>At work we have an ldap system in place for 8-9 years with locally generated and signed certs. This has worked flawlessly up through RHEL/CentOS/etc. rel 5, but on rel 6.2 and later, starttls will no longer accpt our certs. So, I'm looking for one of 2 solutions. 1. Fix the problem. 2. Switch over to using AD for authentication. Complicating #2 is the fact that we use a modified schema to allow authorizing acess for specific hosts. Without that requirement, #2 would be no problem.<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, May 13, 2013 at 11:45 AM, David L. Anselmi <span dir="ltr"><<a href="mailto:anselmi@anselmi.us" target="_blank">anselmi@anselmi.us</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So I have no speaker lined up for tomorrow and I won't be able to be there to amaze you with what I<br>
can talk about off the top of my head. (Amaze, bore, depends on your perspective I guess.)<br>
<br>
I'd encourage everyone to get together anyway though. Maybe someone will show up with an<br>
interesting topic. Or just throw out questions and ideas. I'd be up for that if I were able<br>
because someone always has something I don't know about to share.<br>
<div class="HOEnZb"><div class="h5"><br>
Thanks!<br>
Dave<br>
<br>
_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org" target="_blank">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Collins Richey<br> If you fill your heart with regrets of yesterday and the worries <br> of tomorrow, you have no today to be thankful for.
</div>
<br>_______________________________________________<br>clue mailing list: clue@cluedenver.org<br>For information, account preferences, or to unsubscribe see:<br>http://cluedenver.org/mailman/listinfo/clue</blockquote><br></div></body></html>