[SAC] Re: LDAP server migration this Saturday evening

Martin Spott Martin.Spott at mgras.net
Sat May 21 17:43:27 EDT 2011


On Sat, May 21, 2011 at 10:48:14PM +0200, Martin Spott wrote:
> On Sat, May 21, 2011 at 08:52:11PM +0200, Martin Spott wrote:

> Propagation should have been finished approx. 40 minutes ago. It looks
> like there's a problem with 'hyperquad'.

That's been a local LDAP configuration error on 'hyperquad': The OSGeo 
SSL certificate wasn't updated to the new cert - which is now fixed.

> > Meanwhile I'll start searching for those 'clients' - scripts and/or
> > machines - who still didn't use SSL encryption for LDAP access, since
> > unencrypted access is forbidden on the new server.
> 
> Ok, I _think_ I've fixed everything in '/etc/httpd/' on 'osgeo1', most
> notably the '/etc/httpd/conf.d/ldap_auth_url.inc', but also a couple of
> other files which were still referring to unencrypted LDAP and/or
> hardwired IP numbers.

Ok, these should be working, Drupal appears to authenticate properly. 

BUT: There's a couple of Python scripts in '/var/www/cgi-bin/' on
'osgeo1' which don't SSL-encrypt their LDAP connection.  Does anyone
know from memory how to SSL-enable this Python stuff ?
It _seems_ to me that 'ldap.open(server)' works for unencrypted sessions
only and 'ldap.initialize("ldaps://"+server)' is the way to go for
SSL-encryption - but I'm far from being certain ....  mmmmh, seems that
'ldap.open' is deprecated anyway:

  http://www.python-ldap.org/doc/html/ldap.html

Anyone ?

I'll have to get up early on Sunday (orchestra concert), thus I'll have
to go to bed now,

	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
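An added example, not part of the original message: a sketch in Python of finding scripts that still use unencrypted LDAP or hardwired IP numbers, and of opening a certificate-verified LDAPS connection with python-ldap. The host name, IP address, sample script and CA file argument are constructed assumptions, and the helper names are hypothetical.

```python
import re

# The two problems named in the message: unencrypted LDAP and hardwired IPs.
PLAIN_LDAP = re.compile(r"ldap\.open\s*\(|\bldap://", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of a legacy CGI script (not taken from 'osgeo1').
SAMPLE = '''\
import ldap
server = "192.0.2.10"
l = ldap.open(server)
# old: ldap://ldap.example.org
l2 = ldap.initialize("ldaps://ldap.example.org")
'''

def audit(text):
    """Return (line_no, reason) for each line that needs attention."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive: drop everything after the first '#'
        if PLAIN_LDAP.search(code):
            findings.append((no, "unencrypted LDAP"))
        if IPV4.search(code):
            findings.append((no, "hardwired IP"))
    return findings

def ldaps_uri(server):
    """Build an ldaps:// URI from a bare host name; refuse anything else."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", server):
        raise ValueError("expected a bare host name, got %r" % server)
    return "ldaps://" + server

def connect(server, ca_file):
    """Open an LDAPS connection that verifies the server certificate."""
    import ldap  # python-ldap; imported here so audit() runs without it
    conn = ldap.initialize(ldaps_uri(server))
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)  # CA that signed the server cert
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # rebuild TLS context with the options above
    return conn

if __name__ == "__main__":
    for no, reason in audit(SAMPLE):
        print("line %d: %s" % (no, reason))
```

The IPv4 pattern is a heuristic and will also flag dotted version strings, so findings need a manual look.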