ldif, a person with city and country
by Jobst Schmalenbach
Hi
Sorry, new member and just started using ldap (openldap). I am not sure
whether I can ask this question here as the name of the list specifies
"technical", if not please tell me list(s) where I can do so.
For starters I have read the O'Reilly book, I tried to figure out my questions
using the help in the FAQs, I searched the net ... but I am a little out of my
depth at the moment.
I am trying to get LDAP to work to help authentication in wordpress and
moodle, with wordpress being the main part and moodle uses LDAP for the
authentication (subscription based) and some info for each student from LDAP.
So far I can add entries to LDAP from wordpress, I can login to wordpress
using LDAP.
I have got it to work to allow access to moodle when the correct username
(uid) and password is found in LDAP but I want to add some info about each
student to LDAP, one the country and the other being the city (and later some
more).
So far I can add enough information for subscribers (billing address, uid,
telephone etc) using the standard schemas and object classes, but I need a
little more info for each.
This is what I have:
dn: dc=MyDomain,dc=com,dc=au
dc: MyDomain
objectClass: domain

dn: o=Subscriptions,dc=MyDomain,dc=com,dc=au
o: Subscriptions
objectClass: organization

dn: ou=moodle,o=Subscriptions,dc=MyDomain,dc=com,dc=au
ou: moodle
objectClass: organizationalUnit

dn: uid=gemma, ou=moodle, o=Subscriptions, dc=MyDomain, dc=com, dc=au
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgPerson
objectclass: emailPerson
objectclass: NameViewPerson
cn: Gemma Turtle
sn: Turtle
givenName: Gemma Turtle
uid: gemma
countryCode: AU
I end up with an error "invalid structural object class chain", which I think
means the country needs to be higher up the tree, but then I would have to
create the tree branches for every country (for each person)?
Subscribers will come from different countries and countless cities (which I
haven't added yet) as this is part of the target audience.
I am not sure how to structure this.
Are there any ldif files around I can have a look at that deal with subscriptions
like this?
Jobst
10 years, 10 months
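The "invalid structural object class chain" error comes from slapd's structural object class check: every STRUCTURAL class listed on an entry must lie on one inheritance chain (each a subclass of the previous one), so two unrelated structural classes on the same entry are rejected, whatever the position in the tree. The Python below is an added example, not code from the post or from OpenLDAP, that reproduces the check over a tiny schema table. top, person, organizationalPerson and inetOrgPerson are the standard classes; emailPerson and NameViewPerson are not standard and their real definitions are unknown, so they are assumed here to be STRUCTURAL classes under top purely to reproduce the error, and subscriberInfo is a hypothetical AUXILIARY class standing in for the usual fix. Of the two attributes asked for, the city already fits without any new class, because organizationalPerson allows l (localityName) and st; a country attribute is not part of the person classes, which is what the auxiliary class would carry.

```python
"""Reproduce slapd's structural object class check.

Added example, not from the original post or from OpenLDAP. 'top', 'person',
'organizationalPerson' and 'inetOrgPerson' are the standard classes; the
three others are hypothetical stand-ins (the post's emailPerson and
NameViewPerson are assumed STRUCTURAL under top; subscriberInfo is an
AUXILIARY class a site schema could define for the extra attributes).
"""

# name (lower-cased) -> (kind, superior class)
SCHEMA = {
    "top":                  ("ABSTRACT",   None),
    "person":               ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson":        ("STRUCTURAL", "organizationalperson"),
    "emailperson":          ("STRUCTURAL", "top"),   # assumption
    "nameviewperson":       ("STRUCTURAL", "top"),   # assumption
    "subscriberinfo":       ("AUXILIARY",  "top"),   # hypothetical fix
}


def ancestors(name):
    """Return name plus every superior up to top, most specific first."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain


def structural_chain(object_classes):
    """Return the most specific structural class when all structural classes
    on the entry lie on one inheritance chain; otherwise raise ValueError
    with the wording slapd uses."""
    classes = [oc.lower() for oc in object_classes]
    unknown = [oc for oc in classes if oc not in SCHEMA]
    if unknown:
        raise ValueError("unknown objectClass: " + ", ".join(unknown))
    structural = [oc for oc in classes if SCHEMA[oc][0] == "STRUCTURAL"]
    if not structural:
        raise ValueError("no structural object class provided")
    # The most specific class is the one whose ancestor list contains all others.
    for candidate in structural:
        if set(structural) <= set(ancestors(candidate)):
            return candidate
    raise ValueError("invalid structural object class chain")


def check(object_classes):
    """(True, most-specific class) or (False, error text), for reporting."""
    try:
        return True, structural_chain(object_classes)
    except ValueError as exc:
        return False, str(exc)


# objectClass values exactly as listed on the posted entry: three unrelated
# structural chains (inetOrgPerson, emailPerson, NameViewPerson).
POSTED = ["top", "person", "organizationalPerson", "inetorgPerson",
          "emailPerson", "NameViewPerson"]

# One structural chain plus an auxiliary class for the extra attributes.
FIXED = ["top", "person", "organizationalPerson", "inetOrgPerson", "subscriberInfo"]

if __name__ == "__main__":
    for label, ocs in (("posted", POSTED), ("fixed", FIXED)):
        print(f"{label}: {check(ocs)}")
```

Run against the posted class list the check fails with slapd's message; with the auxiliary class in place of the two extra structural classes it passes and reports inetOrgPerson as the entry's structural class. Dropping the tree does not change the result, which is why a per-country branch would not help.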
OpenLDAP Proxy to AD of User Objects with full/correct schema
by Mailing Lists
I know this list gets a large number of questions about Active Directory
integration and this one is no different. I've tried to do as much research
as possible on my own but still have a few unanswered questions and
issues, so I'm adding yet another AD question to the list. Sorry in advance.
My initial foray into OpenLDAP was to use it to store the idmaps created by
Samba, so that mapped user and group IDs were identical between file
servers. As I thought about it more, I realized we could use LDAP to
centralize our Linux users, groups, and access to other LDAP-enabled
applications. The point of all this is, that I don't need to proxy Active
Directory (and its schema) in its entirety, I really just want to use it as
a central repository for user info and authentication.
So, I guess, my first question is: Is this a viable use case? All signs
seem to point to yes, but I just want to make sure.
I currently have a proxy database configured that is successfully
proxying/querying our AD infrastructure. From what I've read, OpenLDAP 2.3
and newer have the ability to proxy unknown schemas, but will not be
able to do any advanced filtering because the schema is unknown. My
question is, given a full export of the AD schema from
CN=Schema,CN=Configuration,DC=corp,DC=whatever,DC=com via LDIFDE, is there
a way to leverage this to re-create parts of the AD schema so that OpenLDAP
can perform native filtering? I'm primarily only interested in the user
objects (ObjectClass=user).
I know that all of this might be easier if I was to use ADAM/ADLDS and/or
scrape the Samba4 schema, but I'd like to do it myself just for the
education it provides and because I'm trying to implement just the bare
minimum to our users. I've also seen the AD/Outlook Global Address List
entry in the FAQ, but that involves editing the OpenLDAP provided .schema
files. If possible, I'd like to keep all of these AD related schemas within
their own files and keep the OpenLDAP provided ones untouched.
Thanks for the help,
-Dave
10 years, 10 months
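An LDIFDE export of CN=Schema,CN=Configuration is itself LDIF: each attribute is an attributeSchema entry (attributeID, lDAPDisplayName, attributeSyntax, isSingleValued) and each class a classSchema entry (governsID, subClassOf, objectClassCategory, mustContain/mayContain and their system* variants). Turning the parts you need into OpenLDAP attributetype/objectclass definitions in a separate file is mechanical, which is what the added Python below does; it is not code from the post or from OpenLDAP. The sample export is constructed by hand from the fields such entries carry; its OIDs are the values I know from the standard AD schema, but verify them against your own export before loading anything. Names OpenLDAP already defines (cn, sn, description, person, organizationalPerson, top) are skipped, since redefining them makes slapd refuse to start, and attributes with an unmapped syntax are left out rather than guessed.

```python
"""Convert an LDIFDE export of AD schema entries into OpenLDAP schema syntax.

Added example, not from the original post or from OpenLDAP. The sample
export is constructed; its OIDs are the well-known AD values for these
objects but must be checked against a real LDIFDE export. Base64 (::)
values and UTF-16 files are not handled.
"""
import re

# AD attributeSyntax -> (OpenLDAP syntax OID, equality matching rule)
SYNTAX_MAP = {
    "2.5.5.1":  ("1.3.6.1.4.1.1466.115.121.1.12", "distinguishedNameMatch"),
    "2.5.5.8":  ("1.3.6.1.4.1.1466.115.121.1.7",  "booleanMatch"),
    "2.5.5.9":  ("1.3.6.1.4.1.1466.115.121.1.27", "integerMatch"),
    "2.5.5.10": ("1.3.6.1.4.1.1466.115.121.1.40", "octetStringMatch"),
    "2.5.5.11": ("1.3.6.1.4.1.1466.115.121.1.24", "generalizedTimeMatch"),
    "2.5.5.12": ("1.3.6.1.4.1.1466.115.121.1.15", "caseIgnoreMatch"),
    "2.5.5.16": ("1.3.6.1.4.1.1466.115.121.1.27", "integerMatch"),  # large integer
}
# AD objectClassCategory -> OpenLDAP kind (0 is an 88-class, treated as structural)
CATEGORY = {"0": "STRUCTURAL", "1": "STRUCTURAL", "2": "ABSTRACT", "3": "AUXILIARY"}
# Already defined by OpenLDAP's own schema files: never emit these again.
BUILTIN = {"cn", "sn", "description", "person", "organizationalperson", "top"}

# Constructed sample of what LDIFDE writes for two attributes and one class.
SAMPLE_EXPORT = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=corp,DC=whatever,DC=com
objectClass: attributeSchema
lDAPDisplayName: sAMAccountName
attributeID: 1.2.840.113556.1.4.221
attributeSyntax: 2.5.5.12
isSingleValued: TRUE

dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=corp,DC=whatever,DC=com
objectClass: attributeSchema
lDAPDisplayName: userAccountControl
attributeID: 1.2.840.113556.1.4.8
attributeSyntax: 2.5.5.9
isSingleValued: TRUE

dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=whatever,DC=com
objectClass: classSchema
lDAPDisplayName: user
governsID: 1.2.840.113556.1.5.9
subClassOf: organizationalPerson
objectClassCategory: 1
systemMayContain: sAMAccountName
systemMayContain: userAccountControl
systemMayContain: description
"""


def parse_ldif(text):
    """Split LDIF into entries: dict of lower-cased attribute -> [values].
    Folded continuation lines (leading space) are joined; base64 is not decoded."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]
            else:
                lines.append(line)
        entry = {}
        for line in lines:
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def has_class(entry, name):
    return name in [v.lower() for v in entry.get("objectclass", [])]


def convert_attribute(entry):
    name = entry["ldapdisplayname"][0]
    syntax, equality = SYNTAX_MAP[entry["attributesyntax"][0]]
    single = " SINGLE-VALUE" if entry.get("issinglevalued", ["FALSE"])[0].upper() == "TRUE" else ""
    return (f"attributetype ( {entry['attributeid'][0]} NAME '{name}'\n"
            f"\tEQUALITY {equality}\n\tSYNTAX {syntax}{single} )")


def convert_class(entry, known_attrs):
    """Emit the class, referencing only attributes slapd will know about."""
    name = entry["ldapdisplayname"][0]
    kind = CATEGORY[entry["objectclasscategory"][0]]
    must = [a for a in entry.get("mustcontain", []) + entry.get("systemmustcontain", [])
            if a.lower() in known_attrs]
    may = [a for a in entry.get("maycontain", []) + entry.get("systemmaycontain", [])
           if a.lower() in known_attrs]
    parts = [f"objectclass ( {entry['governsid'][0]} NAME '{name}'",
             f"\tSUP {entry['subclassof'][0]} {kind}"]
    if must:
        parts.append("\tMUST ( " + " $ ".join(must) + " )")
    if may:
        parts.append("\tMAY ( " + " $ ".join(may) + " )")
    return "\n".join(parts) + " )"


def convert_export(text, wanted_classes=("user",)):
    """Return OpenLDAP schema text for the requested classes plus the
    attributes they reference, skipping built-ins and unmapped syntaxes."""
    entries = parse_ldif(text)
    attrs = {e["ldapdisplayname"][0].lower(): e for e in entries if has_class(e, "attributeschema")}
    classes = {e["ldapdisplayname"][0].lower(): e for e in entries if has_class(e, "classschema")}
    out, known = [], set(BUILTIN)
    for cname in wanted_classes:
        cls = classes[cname.lower()]
        refs = [a for key in ("mustcontain", "systemmustcontain", "maycontain", "systemmaycontain")
                for a in cls.get(key, [])]
        for aname in refs:
            low = aname.lower()
            if low in known or low not in attrs or attrs[low]["attributesyntax"][0] not in SYNTAX_MAP:
                continue
            out.append(convert_attribute(attrs[low]))
            known.add(low)
        if cname.lower() not in BUILTIN:
            out.append(convert_class(cls, known))
    return "\n\n".join(out) + "\n"


if __name__ == "__main__":
    print(convert_export(SAMPLE_EXPORT))
```

The output goes into its own file (say ad.schema, a hypothetical name) pulled in with an include line after the stock core/cosine/inetorgperson includes, so the OpenLDAP-provided files stay untouched. These definitions only tell the proxy how to parse and filter on the attributes; what AD returns is unchanged, and anything AD serves that is not defined locally still passes through as unknown schema.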
Fail to pass the basic functionality testing (test058-syncrepl-asymmetric)
by Jackie Zhang
Hi,
I installed the newest openldap-2.4.33 on my Linux machine. I run the test
in the tests directory. And I received the following error (attached below).
Mainly:
ERROR: Second site1 backend not replicated to central master
I can replay it every time by executing "./run -b hdb
test058-syncrepl-asymmetric". Using hdb or mdb leads to the same result.
Does anybody know what this problem is? Is there something wrong with my
installation?
Thank you very much!
Best regards,
Jackie Zhang
============test058-syncrepl-asymmetric==================
Cleaning up test run directory leftover from previous run.
Running ./scripts/test058-syncrepl-asymmetric for bdb...
running defines.sh
Initializing master configurations...
Initializing search configurations...
Starting central master slapd on TCP/IP port 9011...
Using ldapsearch to check that central master slapd is running...
Starting site1 master slapd on TCP/IP port 9012...
Using ldapsearch to check that site1 master is running...
Starting site2 master slapd on TCP/IP port 9013...
Using ldapsearch to check that site2 master is running...
Starting central search slapd on TCP/IP port 9014...
Using ldapsearch to check that central search slapd is running...
Starting site1 search slapd on TCP/IP port 9015...
Using ldapsearch to check that site1 search slapd is running...
Starting site2 search slapd on TCP/IP port 9016...
Using ldapsearch to check that site2 search slapd is running...
Adding schema on ldap://localhost:9011/...
Adding schema on ldap://localhost:9012/...
Adding schema on ldap://localhost:9013/...
Adding schema on ldap://localhost:9014/...
Adding schema on ldap://localhost:9015/...
Adding schema on ldap://localhost:9016/...
Adding database config on central master...
Adding database config on site1 master...
Adding database config on site2 master...
Adding access rules on central master...
Adding access rules on site1 master...
Adding access rules on site2 master...
Adding database config on central search...
Adding database config on site1 search...
Adding database config on site2 search...
Populating central master...
Adding syncrepl on site1 master...
Adding syncrepl on site2 master...
Using ldapsearch to check that site1 master received changes...
Using ldapsearch to check that site2 master received changes...
Populating site1 master...
Populating site2 master...
Stopping site1 master...
Adding syncrepl on central master...
Using ldapsearch to check that central master received site2 entries...
Using ldapmodify to modify central master...
Restarting site1 master slapd on TCP/IP port 9012...
Using ldapsearch to check that site1 master is running...
Using ldapsearch to check that central master received site1 entries...
Using ldapsearch to check that site1 master received central master update...
Using ldapsearch to check that site2 master received central master update...
Adding syncrepl consumer on central search...
Adding syncrepl consumer on site1 search...
Adding syncrepl consumer on site2 search...
Using ldapsearch to check that central search received changes...
Using ldapsearch to check that site1 search received changes...
Using ldapsearch to check that site2 search received changes...
Checking contextCSN after initial replication...
Using ldapmodify to modify first backend on central master...
Using ldapsearch to check replication to central search...
Using ldapsearch to check replication to site1 search...
Using ldapsearch to check replication to site2 search...
Checking contextCSN after modify of first backend on central master...
Using ldapmodify to modify second backend on central master...
Using ldapsearch to check replication to site2 search...
Using ldapsearch to check no replication to site1 master...
Using ldapsearch to check no replication to central search...
Checking contextCSN after modify of second backend on central master...
Using ldapmodify to modify first backend on site1 master...
Using ldapsearch to check replication to site1 search...
Using ldapsearch to check replication to site2 master...
Using ldapsearch to check no replication to site2 search...
Using ldapsearch to check no replication to central search...
Checking contextCSN after modify of first backend on site1 master...
Using ldapmodify to modify second backend on site1 master...
Using ldapsearch to check replication to site1 search...
Using ldapsearch to check no replication to central master...
Checking contextCSN after modify of second backend on site1 master...
Using ldapmodify to modify first backend on site2 master...
Using ldapsearch to check replication to central master...
Using ldapsearch to check replication to site2 search...
Using ldapsearch to check no replication to site1 master...
Using ldapsearch to check no replication to central search...
Checking contextCSN after modify of first backend on site2 master...
Using ldapmodify to modify second backend on site2 master...
Using ldapsearch to check replication to site2 search...
Using ldapsearch to check no replication to central master...
Checking contextCSN after modify of second backend on site2 master...
Stopping central master and site2 servers to test start with emtpy db...
Starting site2 master slapd on TCP/IP port 9013...
Using ldapsearch to check that site2 master slapd is running...
Starting site2 search slapd on TCP/IP port 9016...
Using ldapsearch to check that site2 search slapd is running...
Starting central master slapd on TCP/IP port 9011...
Using ldapsearch to check that central master slapd is running...
Using ldapsearch to check that site2 master received base...
Using ldapsearch to check that site2 search received base...
Waiting 1 seconds for syncrepl to receive changes...
Checking contextCSN after site2 servers repopulated...
Adding syncrepl of second site1 master backend on central master...
Using ldapsearch to check that central master received second site1 backend...
Waiting 1 seconds for syncrepl to receive changes...
Waiting 2 seconds for syncrepl to receive changes...
Waiting 3 seconds for syncrepl to receive changes...
Waiting 4 seconds for syncrepl to receive changes...
Waiting 5 seconds for syncrepl to receive changes...
ERROR: Second site1 backend not replicated to central master
Restarting central master slapd on TCP/IP port 9011...
Using ldapsearch to check that central master slapd is running...
Waiting 1 seconds for slapd to start...
Using ldapsearch to check that central master received second site1 backend...
Using ldapsearch to check that central search received second site1 backend...
Waiting 1 seconds for syncrepl to receive changes...
Waiting 2 seconds for syncrepl to receive changes...
Waiting 3 seconds for syncrepl to receive changes...
Waiting 4 seconds for syncrepl to receive changes...
Waiting 5 seconds for syncrepl to receive changes...
ERROR: Second site1 backend not replicated to central search
Restarting central search slapd on TCP/IP port 9014...
Using ldapsearch to check that central search slapd is running...
Waiting 1 seconds for slapd to start...
Using ldapsearch to check that central search received second site1 backend...
Running 1 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 2 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 3 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 4 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 5 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 6 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 7 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 8 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 9 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
Running 10 of 10 syncrepl race tests...
Stopping central master...
Using ldapadd to add entry on site1 master...
Starting central master again...
Using ldapsearch to check that central master received entry...
Using ldapsearch to check that central search received entry...
Stopping central master...
Using ldapdelete to delete entry on site1 master...
Starting central master again...
Using ldapsearch to check that entry was deleted on central master...
Using ldapsearch to check that entry was deleted on central search...
No race errors found after 10 iterations
Found 2 errors
>>>>>> Exiting with a false success status for now
10 years, 10 months
slapo-rwm overlay and backend databases
by Bryce Powell
Hi,
The OpenLDAP 2.4 documentation states:
"When using slapd.conf(5), overlays that are configured before any other databases are considered global, as mentioned above. In fact they are implicitly stacked on top of the frontend database. They can also be explicitly configured as such:
database frontend
overlay <overlay name>"
I currently use slapo-rwm, defined as a global declaration in slapd.conf, to provide bindDN rewrites to a remote LDAP server via slapo-ldap (LDAP proxy database). Is it possible then, if I'm interpreting the documentation correctly, to additionally stack a rewrite/remap overlay in each defined database section? The objective would be to achieve database specific rewrites that are not applicable to all defined databases.
e.g.
database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^cn=(.+)?\\\\2C(.+)?,ou=users,dc=abc,dc=local$" "cn=$1_$2,ou=users,dc=abc,dc=local" ":@"
[...etc.]
database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchEntryDN
rwm-rewriteRule <some other rewrite rule here>
[...etc.]
If this is possible, does the configuration allow one to define the overlay at the "backend" level, so that it applies to all databases of the same type?
e.g.
backend ldap
overlay rwm
rwm-rewriteEngine on
database ldap
suffix "dc=abc,dc=local"
uri "ldap://172.11.250.200/"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule "^cn=(.+)?\\\\2C(.+)?,ou=users,dc=abc,dc=local$" "cn=$1_$2,ou=users,dc=abc,dc=local" ":@"
[...etc.]
database ldap
suffix "dc=xyz,dc=local"
uri "ldap://172.11.250.201/"
rwm-rewriteContext searchEntryDN
rwm-rewriteRule <some other rewrite rule here>
[...etc.]
Thanks
Bryce Powell
10 years, 10 months
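Before deciding where to stack the overlay, it helps to see exactly what the posted rule does to a DN. The Python below is an added simulation, not code from the post or from slapo-rwm: it converts the rewrite-style pattern and $1/$2 substitution into a Python regex, applies it to constructed DNs, and then checks that every result still lies under the database's own suffix, the property that makes a per-database rule safe to scope to that database alone. The pattern is written as slapd sees it after config-file unescaping, that is a literal backslash followed by 2C (the escaped comma in an RDN value); that reading of the posted quoting is an assumption. The second, looser rule is constructed only to show what the suffix check catches.

```python
"""Simulate a slapo-rwm rewriteRule on sample DNs.

Added example, not from the post or from slapo-rwm. PATTERN is the posted
rule as slapd would apply it after unescaping (an assumption): a literal
backslash followed by '2C'. The sample DNs, the loose rule and the suffix
check are constructed for illustration.
"""
import re

SUFFIX = "ou=users,dc=abc,dc=local"
PATTERN = r"^cn=(.+)?\\2C(.+)?,ou=users,dc=abc,dc=local$"
SUBSTITUTION = "cn=$1_$2,ou=users,dc=abc,dc=local"

# Constructed misconfiguration: a rule whose result lands in the other
# database's tree (dc=xyz). Used only to show what the suffix check catches.
LOOSE_PATTERN = r"^cn=(.+),ou=users,dc=abc,dc=local$"
LOOSE_SUBSTITUTION = "cn=$1,ou=users,dc=xyz,dc=local"


def to_python_template(subst):
    """Turn rewrite-style $1..$9 references into Python's \\g<n> form."""
    return re.sub(r"\$(\d)", r"\\g<\1>", subst)


def rewrite(dn, pattern=PATTERN, subst=SUBSTITUTION):
    """Apply one rule; a DN the pattern does not match comes back unchanged."""
    return re.sub(pattern, to_python_template(subst), dn, count=1)


def normalize(dn):
    """Lower-case and strip the optional spaces after separating commas."""
    return re.sub(r",\s*", ",", dn.strip().lower())


def under_suffix(dn, suffix=SUFFIX):
    d, s = normalize(dn), normalize(suffix)
    return d == s or d.endswith("," + s)


def scoped_rewrite(dn, pattern=PATTERN, subst=SUBSTITUTION, suffix=SUFFIX):
    """Rewrite, then refuse any result outside the database suffix so a rule
    cannot hand a client an entry from another database's tree."""
    out = rewrite(dn, pattern, subst)
    if not under_suffix(out, suffix):
        raise ValueError(f"rewrite left {suffix}: {dn!r} -> {out!r}")
    return out


SAMPLE_DNS = [
    "cn=Turtle\\2C Gemma,ou=users,dc=abc,dc=local",  # escaped comma inside the RDN value
    "cn=Jane Doe,ou=users,dc=abc,dc=local",          # no escaped comma: rule does not match
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn, "->", scoped_rewrite(dn))
```

Note that the posted rule's second group captures the space that followed the escaped comma, so the rewritten RDN value contains "_ " rather than a bare underscore; if that is not intended, the pattern needs an explicit optional space before the second group.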
Password policy
by jeevan kc
Hello, I want to enable password policy on OpenLDAP 2.4.30 (for all users). I see that the ppolicy.ldif and ppolicy.schema are listed under /usr/local/etc/openldap/schema but are not present in the /usr/local/etc/openldap/slapd.d/cn=config folder. So do I need to add the ppolicy.ldif to the cn=config folder? Is there a specific procedure to do that, or can I add it manually with ldapadd? Also, how do I enable that schema for all users? Please help.
Jeevan
10 years, 10 months
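Loading the schema is the first step (the ppolicy.ldif shipped in the schema directory is written for cn=config and can be added with ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/local/etc/openldap/schema/ppolicy.ldif); the overlay is then an olcOverlay=ppolicy entry under the database's olcDatabase entry whose olcPPolicyDefault names the policy DN, and that default applies to every entry without a pwdPolicySubentry of its own. The policy itself is an ordinary entry carrying the pwdPolicy auxiliary class, and its attribute values decide whether the policy is worth anything. The Python below is an added example, not code from the post or from OpenLDAP: it audits such an entry, given as a dict, against a minimal baseline and shows a weak policy beside a corrected one. The attribute names are the ones slapo-ppolicy defines; the thresholds and both sample policies are my own choices, not OpenLDAP defaults.

```python
"""Audit an OpenLDAP pwdPolicy entry and render it as LDIF.

Added example, not from the post or from OpenLDAP. The attribute names are
slapo-ppolicy's; the baseline thresholds and the two sample policies are
this example's own choices.
"""

DAY = 86400

# (attribute, predicate on the string value, finding text)
BASELINE = [
    ("pwdAttribute",    lambda v: v == "userPassword",     "pwdAttribute must be userPassword"),
    # pwdMinLength is only enforced when pwdCheckQuality is 1 or 2.
    ("pwdCheckQuality", lambda v: v in ("1", "2"),         "pwdCheckQuality is 0: length/quality not enforced"),
    ("pwdMinLength",    lambda v: int(v) >= 12,            "pwdMinLength below 12"),
    ("pwdInHistory",    lambda v: int(v) >= 5,             "pwdInHistory below 5: reuse allowed"),
    ("pwdMaxAge",       lambda v: 0 < int(v) <= 365 * DAY, "pwdMaxAge unset or longer than a year"),
    ("pwdLockout",      lambda v: v.upper() == "TRUE",     "pwdLockout not enabled"),
    ("pwdMaxFailure",   lambda v: 0 < int(v) <= 10,        "pwdMaxFailure unset (0) or above 10"),
]


def audit_policy(policy):
    """Return the baseline findings for a policy dict; empty means it passes.
    A missing attribute is a finding, since ppolicy treats absent values as 0/off."""
    findings = []
    for attr, ok, text in BASELINE:
        value = policy.get(attr)
        if value is None or not ok(str(value)):
            findings.append(text)
    return findings


def to_ldif(dn, policy):
    """Render the policy dict as an LDIF entry suitable for ldapadd."""
    lines = [f"dn: {dn}"]
    for attr, value in policy.items():
        for v in (value if isinstance(value, list) else [value]):
            lines.append(f"{attr}: {v}")
    return "\n".join(lines) + "\n"


# pwdPolicy is AUXILIARY, so 'person' supplies the structural class.
COMMON = {"objectClass": ["person", "pwdPolicy"], "cn": "default", "sn": "default",
          "pwdAttribute": "userPassword"}

# Weak: short passwords, no quality check, no lockout (constructed).
WEAK = {**COMMON, "pwdCheckQuality": "0", "pwdMinLength": "6",
        "pwdLockout": "FALSE", "pwdMaxFailure": "0"}

# Corrected: quality enforced, history kept, 90-day ageing, lockout after 5 failures.
HARDENED = {**COMMON,
            "pwdCheckQuality": "2", "pwdMinLength": "12", "pwdInHistory": "5",
            "pwdMaxAge": str(90 * DAY), "pwdMinAge": str(DAY), "pwdExpireWarning": str(7 * DAY),
            "pwdLockout": "TRUE", "pwdMaxFailure": "5",
            "pwdLockoutDuration": "900", "pwdFailureCountInterval": "600",
            "pwdAllowUserChange": "TRUE", "pwdSafeModify": "FALSE"}

if __name__ == "__main__":
    print("weak:", audit_policy(WEAK))
    print("hardened:", audit_policy(HARDENED))
    print(to_ldif("cn=default,ou=policies,dc=example,dc=com", HARDENED))
```

The DN cn=default,ou=policies,dc=example,dc=com is a placeholder; whatever DN you load the entry under is the value to put in olcPPolicyDefault. pwdLockoutDuration of 900 seconds keeps the lockout from being a permanent denial of service against a known account name while still throttling guessing.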
Re: OpenLDAP-Client TLS
by Martin.Heinzmann@belden.com
Little update... I managed to get it to work :-)
It looks like it was the option "LDAP_OPT_X_TLS_ALLOW" I had to set.
Unfortunately I did it in the wrong position in my code. Now this option is
the first thing I do, even prior to the initialization.
Nevertheless "LDAP_START_TLS_S" returns 3 errors: 1. unable to get local
issuer certificate, 2. certificate not trusted, 3. unable to verify the
first certificate. I think the 2nd and 3rd appear because the server uses a
self-signed certificate?
One question I still have on my mind. I am only able to compile my client
by including the library "sasl2" although I am not using "ldap_sasl_bind"
or anything like that. Is it possible to expel sasl from my program or do I
have to use that library?
Regards Martin
DISCLAIMER:
Privileged and/or Confidential information may be contained in this
message. If you are not the addressee of this message, you may not
copy, use or deliver this message to anyone. In such event, you
should destroy the message and kindly notify the sender by reply
e-mail. It is understood that opinions or conclusions that do not
relate to the official business of the company are neither given
nor endorsed by the company.
Thank You.
10 years, 10 months
olcPcacheAttrset/olcPcacheTemplate values for set acl
by Tio Teath
I'm trying to write ACL, using set entries, like this:
to * by set="[cn=remote group,dc=host]/member & user" write,
where cn=remote group,dc=host is a remote group, available via ldap-proxy.
The remote group looks like this:
dn: cn=remote group,dc=host
cn: remote
member: cn=user1,ou=users,dc=host
member: cn=user2,ou=users,dc=host
objectClass: group
It works fine, except that it issues a search query to the remote ldap server
each time I search against the objects the ACL applies to. Is
it possible to set up the pcache overlay to handle this kind of request
to speed up ACL processing?
Which values olcPcacheAttrset and olcPcacheTemplate attributes should have?
10 years, 10 months
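The set expression [cn=remote group,dc=host]/member & user makes slapd read the member attribute of the named entry and intersect it with the bound DN, and because the entry lives behind back-ldap that read is a remote search on every evaluation. The Python below is an added example, not code from the post or from slapd: it evaluates the same expression against a copy of the posted group served by a fake remote directory that counts searches, then puts a TTL cache in front of it to show what a proxy cache buys and what it costs. For slapo-pcache to take over these reads the cached attrset must contain member and a template must match the base-scope read of the group entry; the exact olcPcacheTemplate string depends on the filter slapd emits for set evaluation, which I have not verified here, so the example models the effect rather than the directive values. The fake directory, the cache and the request sequence are constructed.

```python
"""Cost of a set-based ACL that dereferences a remote group, with and without a cache.

Added example, not from the post or from slapd. The group entry is copied
from the post; the stand-in remote directory, the TTL cache and the request
sequence are constructed.
"""
import time


def normalize(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


# The remote group as shown in the post, keyed by normalized DN.
REMOTE_ENTRIES = {
    normalize("cn=remote group,dc=host"): {
        "cn": ["remote"],
        "member": ["cn=user1,ou=users,dc=host", "cn=user2,ou=users,dc=host"],
        "objectClass": ["group"],
    }
}


class RemoteDirectory:
    """Stand-in for the back-ldap proxy target; counts every search it answers."""
    def __init__(self, entries):
        self.entries = entries
        self.searches = 0

    def read(self, dn, attrs):
        self.searches += 1
        entry = self.entries.get(normalize(dn))
        if entry is None:
            return None
        return {a: list(entry.get(a, [])) for a in attrs}


class CachedDirectory:
    """Answers repeated (dn, attrs) reads from memory for ttl seconds, as a
    matching pcache attrset/template would; misses go to the backend."""
    def __init__(self, backend, ttl, clock=time.monotonic):
        self.backend, self.ttl, self.clock = backend, ttl, clock
        self.cache, self.hits = {}, 0

    def read(self, dn, attrs):
        key = (normalize(dn), tuple(sorted(attrs)))
        now = self.clock()
        cached = self.cache.get(key)
        if cached and cached[0] > now:
            self.hits += 1
            return cached[1]
        result = self.backend.read(dn, attrs)
        self.cache[key] = (now + self.ttl, result)
        return result


def set_allows(directory, group_dn, user_dn):
    """Evaluate  set="[<group_dn>]/member & user":  read member of the group
    and grant when the bound user's DN is in that set (non-empty intersection)."""
    entry = directory.read(group_dn, ["member"])
    members = {normalize(m) for m in (entry or {}).get("member", [])}
    return normalize(user_dn) in members


def simulate(requests, ttl=300, clock=lambda: 0.0):
    """Run the ACL decision for each bound DN straight against the remote
    server and through the cache. Returns (decisions, remote searches
    without cache, remote searches with cache)."""
    group = "cn=remote group,dc=host"
    direct = RemoteDirectory(REMOTE_ENTRIES)
    cached_backend = RemoteDirectory(REMOTE_ENTRIES)
    cached = CachedDirectory(cached_backend, ttl, clock)
    decisions = []
    for user in requests:
        decision = set_allows(direct, group, user)
        if set_allows(cached, group, user) != decision:
            raise RuntimeError("cache returned a different decision")
        decisions.append(decision)
    return decisions, direct.searches, cached_backend.searches


REQUESTS = ["cn=user1,ou=users,dc=host", "cn=user2,ou=users,dc=host",
            "cn=user1,ou=users,dc=host", "cn=user3,ou=users,dc=host",
            "cn=user2,ou=users,dc=host"]

if __name__ == "__main__":
    print(simulate(REQUESTS))
```

Five requests cost five remote searches uncached and one cached within the TTL. The flip side is the caveat to weigh before enabling it: a member removed from the remote group keeps the access the ACL grants until the cached entry expires, so the TTL is also the revocation delay.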
Assertion failed: errno != EDEADLK, file alock.c, line 77
by cjkry156@yahoo.co.jp
Hi World,
We are using OpenLDAP 2.3.5 on Solaris 9.
For security reasons, the system administrator started to use the corporate LDAP
(disabling local authorization) and disabled the inetd services (commented out in inetd.conf).
After that, when we try to start our OpenLDAP (which is not the same as the corporate LDAP),
we received a deadlock error message:
Assertion failed: errno != EDEADLK, file alock.c, line 77
And the OpenLDAP was aborted.
Does anybody know this error?
Best Regards,
Ken
10 years, 10 months
OpenLDAP-Client TLS
by Martin.Heinzmann@belden.com
Hi,
I am trying to write my own client which connects to an Active Directory
and searches for a user. So far it works: I call "ldap_initialize", set
version 3, "ldap_simple_bind_s" and then search the directory.
Now I want the connection to be secure by executing a "Simple TLS handshake".
I changed my hostname variable to "ldaps://ip:636" and tried
"ldap_start_tls_s(ld,NULL,NULL)" before the bind but get a "can't contact
ldap server" error. I think my Active Directory is configured the right way
because with JXplorer it works over SSL and port 636.
Does anyone know which functions I have to call so a successful TLS
connection will be set up?
Regards
Martin
10 years, 10 months
Re: n-way multimaster replication with ssl and tls
by anil beniwal
Yes
I am able to access using JXplorer using TLS and 636.
I am using a different self-signed certificate for each server.
I have done the same configuration on 3 servers.
I am having /etc/openldap/ldap.conf and
/apps/openldap/etc/openldap/ldap.conf files.
I have compiled ldap to the /apps/openldap directory.
I am getting the same output running on each server against the other 2 servers.
[root@sjprodam01 ~]# openssl s_client -connect mmprodam01.abc.com:636 -showcerts
CONNECTED(00000003)
depth=0 C = IN, ST = HR, L = GGN, O = SAP, OU = ISST, CN =
mmprodam01.abc.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IN, ST = HR, L = GGN, O = SAP, OU = ISST, CN =
mmprodam01.abc.com
verify return:1
---
Certificate chain
0 s:/C=IN/ST=HR/L=GGN/O=SAP/OU=ISST/CN=mmprodam01.abc.com
i:/C=IN/ST=HR/L=GGN/O=SAP/OU=ISST/CN=mmprodam01.abc.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=IN/ST=HR/L=GGN/O=SAP/OU=ISST/CN=mmprodam01.abc.com
issuer=/C=IN/ST=HR/L=GGN/O=SAP/OU=ISST/CN=mmprodam01.abc.com
---
No client certificate CA names sent
---
SSL handshake has read 1008 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
2D97EE613D427036C9A1B1BB5E2371283763DDA8A761D9BED3385D4793E6E061
Session-ID-ctx:
Master-Key:
161A39EC4E5B5C0E0F211A014E6CE4B643F77C8C77B9175BFEF399A08319A56C9C199AF417E09EA9508579368E31F7AA
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - 82 43 eb e1 46 c2 bd 6f-7a 8b 44 20 cc 8a d5 c4 .C..F..oz.D ....
0010 - 9f 34 ee 02 36 1b 24 32-05 7e e4 3c a7 de 01 e6 .4..6.$2.~.<....
0020 - c0 b9 39 8b 50 b6 b8 b2-21 3a 81 02 16 3d a1 b1 ..9.P...!:...=..
0030 - b6 ac 98 fe 34 f5 ba e2-f1 e2 30 c8 ed ad f8 8b ....4.....0.....
0040 - 00 5f bf f8 ed 75 90 65-7e c1 e6 b5 b1 e7 a3 ba ._...u.e~.......
0050 - 75 67 6e a3 d2 ab f5 2b-20 77 31 90 cd 3f b0 38 ugn....+ w1..?.8
0060 - 1f 60 da e9 8e dc 7c e2-97 56 95 55 61 c9 51 da .`....|..V.Ua.Q.
0070 - c7 4f 65 13 48 64 8f 67-1d d1 75 b2 91 b2 7c b5 .Oe.Hd.g..u...|.
0080 - 7e 5f 6b 7b 61 e3 73 63-2b d7 91 c0 91 61 e7 27 ~_k{a.sc +....a.'
0090 - 16 4b c5 e9 e0 ea 03 7a-6c 77 51 77 5c b6 f0 93 .K.....zlwQw\...
00a0 - ab 82 f9 8c 23 06 61 88-86 43 5a 20 1a 11 c5 e7 ....#.a..CZ ....
Compression: 1 (zlib compression)
Start Time: 1353129151
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
^C
On Sat, Nov 17, 2012 at 11:22 AM, houston <houston.r.hopkins(a)gmail.com> wrote:
> just curious, did you get ldap running over ssl on rhel 6.3? if so did
> you have to compile your own or did you use the red hat version? I can't
> seem to get ldapsearch to work over ldaps when using Red Hat's 2.4 version
>
> thx,
> Houston
>
> anil beniwal <beni.anil(a)gmail.com> wrote:
> Hi List
>
> Can anybody guide me through the steps required to setup n-way
> multimaster (3 or more servers at diff countries) replication with
> openldap 2.4.2
>
> 1. ssl based
> 2. tls based
>
> I am having normal replication running b/w 3 servers. Now I want to setup
> secure replication.
>
> I am using a self-signed certificate on RHEL 6.3.
> How can I validate whether replication is working fine for ssl or tls?
> How to enable replication logs?
>
> Anything else i should check out.
>
> I have already gone through a lot of postings on google.
>
> --
>
> Thanks&Regards
> Anil Beniwal
10 years, 10 months
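The three client threads above (the OpenLDAP-Client TLS question, its update, and the s_client output in this replication thread) all hit the same two points: ldaps:// means TLS from the first byte, so StartTLS belongs to ldap:// connections and calling ldap_start_tls_s on an ldaps:// URL mixes the two (one plausible cause of the "can't contact LDAP server" error); and every verify error listed (self signed certificate, unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate) says that the client does not trust the server's certificate chain. LDAP_OPT_X_TLS_ALLOW makes the handshake succeed by not requiring a valid certificate, which is the same as TLS_REQCERT allow: encrypted, but the peer is not authenticated. The fix that keeps authentication is to give the client the CA, or the self-signed server certificate itself, as its trust anchor (in libldap, LDAP_OPT_X_TLS_CACERTFILE plus LDAP_OPT_X_TLS_REQUIRE_CERT set to LDAP_OPT_X_TLS_DEMAND). The Python below is an added example, not code from any of the posts or from libldap; it uses the standard ssl module rather than libldap to build the two contexts side by side, decides from the URL which mode applies, and reads the verify code out of s_client output. The s_client excerpt is constructed from the lines shown above.

```python
"""TLS verification settings for an LDAP client, and what the verify errors mean.

Added example, not from the posts or from libldap. Uses Python's ssl module
to build the context a verifying LDAPS/StartTLS client should use and the
'allow' context beside it, maps the OpenSSL verify codes seen in these
threads to their fix, and extracts the verify code from s_client output.
"""
import re
import ssl
from urllib.parse import urlsplit

# OpenSSL X509 verify result codes reported in the threads above.
VERIFY_CODES = {
    18: ("self signed certificate",
         "the server sends its own self-signed cert: add that exact cert to the client's CA file"),
    20: ("unable to get local issuer certificate",
         "the issuing CA is missing from the client's CA file: install the CA chain"),
    21: ("unable to verify the first certificate",
         "no chain can be built for the server cert: install the CA chain"),
    27: ("certificate not trusted",
         "the chain ends in a root the client does not trust: install the CA chain"),
}


def explain(code):
    """(OpenSSL text, remediation) for a verify code, or a generic hint."""
    return VERIFY_CODES.get(code, ("unknown verify error", "check the CA file and the server chain"))


def verify_code(s_client_output):
    """Extract N from 'Verify return code: N (...)' in s_client output; 0 means OK."""
    m = re.search(r"Verify return code:\s*(\d+)", s_client_output)
    return int(m.group(1)) if m else None


def plan_connection(url):
    """ldaps:// is TLS from the first byte; ldap:// is a plain connection on
    which StartTLS is negotiated. StartTLS on an ldaps:// URL mixes the two."""
    u = urlsplit(url)
    if u.scheme == "ldaps":
        return {"host": u.hostname, "port": u.port or 636, "starttls": False}
    if u.scheme == "ldap":
        return {"host": u.hostname, "port": u.port or 389, "starttls": True}
    raise ValueError(f"unsupported scheme: {u.scheme!r}")


def client_context(cafile=None, cadata=None):
    """Equivalent of TLS_REQCERT demand: chain and hostname are both verified.
    Pass the CA, or the self-signed server certificate itself, as cafile/cadata."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile, cadata=cadata)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def allow_context():
    """Equivalent of LDAP_OPT_X_TLS_ALLOW / TLS_REQCERT allow: the handshake
    succeeds against any certificate, so the link is encrypted but the peer
    is not authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    return {"verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": bool(ctx.check_hostname)}


# Constructed from the s_client run shown in the replication thread above.
S_CLIENT_EXCERPT = """\
depth=0 C = IN, ST = HR, L = GGN, O = SAP, OU = ISST, CN = mmprodam01.abc.com
verify error:num=18:self signed certificate
verify return:1
Verify return code: 18 (self signed certificate)
"""

if __name__ == "__main__":
    code = verify_code(S_CLIENT_EXCERPT)
    print(code, *explain(code))
    print(plan_connection("ldaps://ldap.example.com:636"))
    print("demand:", describe(client_context()), "allow:", describe(allow_context()))
```

Two practical consequences for the setups above: the hostname check only passes when the client connects by the name in the certificate (the first thread used an IP in the URL), and with a different self-signed certificate per server, as in the replication thread, every peer's certificate has to be in every other peer's CA file, which is where a small private CA issuing all three certificates saves work.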