Hi,
> Vikas, thanks for replying some more, but your last email is a little out
> of context for me personally.
That I can understand, maybe I have moved in more depth.
> I did drop the -b argument (and the associated value) and still the slapd
> daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB
> Project OpenLDAP problem since no one else is chiming in with solutions and
> troubleshooting.
Regret, but that issue is not a big one. I think we are making a silly
mistake somewhere.
> As for the slaptest, it didn't generate *any* content into the slapd.d
> directory at all. I mentioned this to the person I was collaborating with
> since I am attempting to document a process from scratch-to-finish.
slaptest is the utility that creates the slapd.d directory. I am worried
about why it is not working there.
> That same person suggested I attempt to use ApacheDirectoryStudio to
> interact with the slapd and configurations. I just attempted to connect to
> the cn=config "Context" and I was able to add an attribute (
> *olcTLSCipherSuite*), but as soon as I attempted to add a value (
> *HIGH:MEDIUM+TLSv1+SSLv3*) the connection dropped in
> ApacheDirectoryStudio.
> *Warron French, MBA, SCSA*
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de>,
openldap-technical(a)openldap.org
Date: 01/27/2014 09:24 AM
Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
Hi,
Sorry! That was the typo. -b is for the base only. In ldapmodify, you don't
need to use -b.
You can do the same thing with the slapd.conf file. Later on, you can create a
slapd.d directory with the help of the slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration ({0}config.ldif)
file under the slapd.d/cn=config directory. You can replace it and restart the
service.
Or, in the current ldapmodify, please run it with a deeper debug level. You may
use the -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French <Warron.S.French(a)aero.org> wrote:
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different
error. And I don't know if it makes any difference, but I don't have TLS
configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
*ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif*
I got the following error in response:
* ldap_initialize( <DEFAULT> )*
* ldap_start_tls: Protocol error (2)*
* Additional info: unsupported extended operation*
Thanks for the help,
* Warron French, MBA, SCSA*
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
To: "Warron S French" <Warron.S.French@aero.org>,
<openldap-technical(a)openldap.org>,
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
>>> Warron S French <Warron.S.French(a)aero.org> wrote on 24.01.2014 at 17:28
in message
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org>:
> Low Sensitivity/Aerospace Internal Use Only
>
> Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
>
> Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
> (I don't know how to technically word that).
>
>
> Anyway, I need to make TLS-related changes and was told to do the
> following command:
>
> ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_ -v -f _your_ldif_file"
>
> ...then at the blank line type the following, each on a single line:
>
> Dn: cn=config
> Changetype: modify
> Add: olcTLSCipherSuite
> OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> <CTRL-D>
>
>
> I have been getting an error response of:
> ldap_result: Can't contact LDAP server (-1)
>
> This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> slapd, is actually running, but after this failure it abruptly stops. I
> know this because in a separate terminal on the same system, I am running
> a while-loop with a ps -e | grep slapd in it.
>
>
> Please note the "-x" option according to the man page for ldapmodify is
> supposed to Use simple authentication instead of SASL.
>
>
> Thank you all for your help, hopefully you can:
>
> 1) tell me what this error means, and
> 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> need to implement.
>
>
>
>
>
> Warron French, MBA, SCSA
> The Aerospace Corporation
> Sr. UNIX SA & Storage Admin
> Mailstop: CH1-230
> Desk: 571-307-5311
> Cell: 703-967-8936
>
>
> Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
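The slaptest conversion suggested in the thread, wrapped in a check for the "exited but generated nothing" outcome reported above. This is an added example, not code from any poster or from the OpenLDAP project; it assumes slaptest is on PATH, and the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes slaptest is on PATH.
# Function names and the sample paths in the usage comment are hypothetical.

# convert_config CONF OUTDIR
# Runs "slaptest -f CONF -F OUTDIR" against an empty scratch directory and
# confirms that a cn=config.ldif was actually written.
# Returns 0 on success, 1 if slaptest failed or wrote nothing, 2 on bad input.
convert_config() {
    conf=$1
    out=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    mkdir -p "$out" || return 2
    # Never convert on top of an existing tree: stale files would hide
    # the "nothing was generated" case.
    if [ -n "$(ls -A "$out")" ]; then
        echo "$out is not empty" >&2
        return 2
    fi
    if ! slaptest -f "$conf" -F "$out"; then
        echo "slaptest reported an error; see its output above" >&2
        return 1
    fi
    if [ ! -s "$out/cn=config.ldif" ]; then
        echo "slaptest exited 0 but wrote no cn=config.ldif in $out" >&2
        return 1
    fi
    # The tree may hold password hashes and key file paths: owner-only access.
    chmod -R go-rwx "$out"
    return 0
}

# list_tls_settings OUTDIR
# Prints the global olcTLS* attributes from the generated cn=config.ldif,
# so the TLS directives can be reviewed before the tree replaces a live one.
list_tls_settings() {
    grep -i '^olcTLS' "$1/cn=config.ldif"
}

# Usage (hypothetical paths):
#   convert_config /etc/openldap/slapd.conf /tmp/slapd.d.new &&
#   list_tls_settings /tmp/slapd.d.new
```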