Hi,
Sorry! That was a typo. -b is for the base only. In ldapmodify, you don't need to use -b.
You can do the same thing with the slapd.conf file. Later on, you can create a slapd.d directory with the help of the slaptest command:
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration file ({0}config.ldif) under the slapd.d/cn=config directory. You can replace it and restart the service.
Or, in the current ldapmodify, please run it with a deeper debug level. You may use the -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French Warron.S.French@aero.org wrote:
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different error. And I don't know if it makes any difference, but I don't have TLS configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif
I got the following error in response:
ldap_initialize( <DEFAULT> )
ldap_start_tls: Protocol error (2)
Additional info: unsupported extended operation
Thanks for the help,
Warron French, MBA, SCSA
From: "Ulrich Windl" Ulrich.Windl@rz.uni-regensburg.de
To: "Warron S French" Warron.S.French@aero.org, openldap-technical@openldap.org
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1)
Warron S French Warron.S.French@aero.org wrote on 24.01.2014 at 17:28 in message <OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org>:
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_ -v -f _your_ldif_file"
...then at the blank line type the following, each on a single line:
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error response of: ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon, slapd, is actually running, but after this failure it abruptly stops. I know this because in a separate terminal on the same system, I am running a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
- tell me what this error means, and
- how to fix my problem so that I can complete the olcTLSxxxx changes I need to implement.
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
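The -ZZ flag in Ulrich's suggestion demands a successful StartTLS, which is exactly the extended operation the server reported as unsupported above. As an added example that is not from this thread, the POSIX shell script below only passes -ZZ when the server's rootDSE advertises the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037), and writes the cn=config change from the thread as well-formed LDIF; the rootDSE text and the hostname are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Decides whether "ldapmodify -ZZ" can
# work by checking the rootDSE for the StartTLS extended operation, and
# writes the cn=config change from the thread as well-formed LDIF.
# The rootDSE samples below are constructed, in the shape printed by:
#   ldapsearch -x -H ldap://HOST -LLL -s base -b '' supportedExtension

STARTTLS_OID="1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)

# Constructed: a server that does not advertise StartTLS
ROOTDSE_NO_STARTTLS='dn:
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3'

# Constructed: a server that advertises StartTLS
ROOTDSE_STARTTLS='dn:
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1'

# Exit 0 if the rootDSE text ($1) lists the StartTLS OID, 1 otherwise.
starttls_advertised() {
  printf '%s\n' "$1" | grep -qxF "supportedExtension: $STARTTLS_OID"
}

# Print the ldapmodify command for the given rootDSE text ($1) and LDIF
# path ($2): -ZZ (require StartTLS) only when the server advertises it.
ldapmodify_cmd() {
  if starttls_advertised "$1"; then
    echo "ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f $2"
  else
    echo "ldapmodify -x -W -D cn=admin,cn=config -v -f $2"
  fi
}

# Write the olcTLSCipherSuite change to $1 as LDIF: lowercase keywords,
# one per line, blank line terminating the record.
write_tls_ldif() {
  cat > "$1" <<'EOF'
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3

EOF
}
```

Without -ZZ the cn=admin,cn=config password travels in the clear, so run the non-TLS variant on the server itself over the loopback interface until the olcTLS* attributes are in place.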