Hi,
Vikas, thanks for replying some more, but your last email is a little out of context for me personally.
That i can understand, may be i have moved in more depth.
I did drop the -b argument (and the associated value) and still the slapd daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB Project OpenLDAP problem since no one else is chiming in with solutions and troubleshooting.
Regret, but that issue is not a big one. I think, we are doing a silly mistake somewhere.
As for the slaptest, it didn't generate *any* content into the slapd.d directory at all. I mentioned this to the person I was collaborating with since I am attempting to document a process from scratch-to-finish.
slaptest is the utility that create slapd.d directory. I am worry, why it is not working there.
That same person suggested I attempt to use ApacheDirectoryStudio to interact with the slapd and configurations. I just attempted to connect to the cn=config ??Context?? And I was able to add an attribute ( *olcTLSCipherSuite*), but as soon as I attempted to add a value ( *HIGH:MEDIUM+TLSv1+SSLv3*) the connection dropped in ApacheDirectoryStudio.
*Warron French, MBA, SCSA*
From: Vikas Parashar para.vikas@gmail.com To: Warron S French Warron.S.French@aero.org, Cc: Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de, openldap-technical@openldap.org Date: 01/27/2014 09:24 AM Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
Sorry! that was the typo. -b for the base only. In ldap modify, you don't need to use -b.
You can do the same thing with slapd.conf file. later on, you can create a slapd.d directory with the help of slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration({0}config.ldif) file under slapd.d/cn=conifg directory. you can replace it and resxtart the service.
Or in current ldapmodify, please run it with deeper debug level. You may use -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French < *Warron.S.French@aero.org* Warron.S.French@aero.org> wrote: Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different error. And I don't know if it makes any difference, but I don't have TLS configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
- ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f
/tmp/LDAP-CONFIG-TLS.ldif*
I got the following error in response:
- ldap_initialize( <DEFAULT> )*
- ldap_start_tls: Protocol error (2)*
Additional info: unsupported extended operation*Thanks for the help,
- Warron French, MBA, SCSA*
From: "Ulrich Windl" <*Ulrich.Windl@rz.uni-regensburg.de*Ulrich.Windl@rz.uni-regensburg.de
To: "Warron S French" <*Warron.S.French@aero.org*Warron.S.French@aero.org>, <*openldap-technical@openldap.org* openldap-technical@openldap.org>, Date: 01/27/2014 02:34 AM Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Warron S French <*Warron.S.French@aero.org* Warron.S.French@aero.org>
schrieb am 24.01.2014 um 17:28 in Nachricht < *OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org*OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org
: Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config
setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
...then at the blank line type the following, each on a single line:
Dn: cn=config Changetype: modify Add: olcTLSCipherSuite OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of: ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon, slapd, is actually running, but after this failure it abruptly stops. I know this because in a separate terminal on the same system, I am
running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
- tell me what this error means, and
- how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA The Aerospace Corporation Sr. UNIX SA & Storage Admin Mailstop: CH1-230 Desk: 571-307-5311 Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only