--On Monday, April 16, 2012 07:02:09 PM -0700 "Richards, Toby" toby.richards@slo.courts.ca.gov wrote:
For those of you wondering, I'm running OpenBSD 5.0. openldap-server-2.4.25p0.tgz (depends on: openldap-client-2.4.25.tgz (depends on cyrus-sasl-2.1.23p7-ldap.tgz)). Typing "ldapd" gets the appropriate tcp/ip ports responding. Typing "/etc/rc.d/slapd start" does something, but doesn't give me responses on 349 or 636.
If you have questions about ldapd you need to find another list. OpenLDAP does not include ldapd.
If you have questions about OpenLDAP then you need to get some sort of log message that would give us a ghost of a change at responding to you. You will get lots of logging if you start up the slapd binary with the '-d 1' switch.
Bill
Respectfully Submitted, R. Toby Richards Network Administrator Superior Court of California In and for the County of San Luis Obispo (805) 781-4150 ________________________________________ From: Bill MacAllister [whm@stanford.edu] Sent: Monday, April 16, 2012 3:31 PM To: Richards, Toby; openldap-technical@openldap.org Subject: Re: ldapd vs. slapd
--On Monday, April 16, 2012 03:00:48 PM -0700 "Richards, Toby" toby.richards@slo.courts.ca.gov wrote:
I've been attempting to get an OpenLDAP server running all day, and I've been reading official documentation, tutorials, and anything else relevant on Google. I have some questions:
First, it would be helpful to know what version of OpenLDAP you are attempting to use and on what OS.
- What is the difference between ldapd & slapd (and commands such as ldapadd & slapdadd)? Slapd doesn't seem to respond on LDAP ports, but ldapd does.
The LDAP server provided with OpenLDAP is slapd. I don't know what you are referring to when you talk about ldapd.
The executive summary of the difference between slapadd and ldapadd is slapadd operates directly on the database and ldapadd operates over protocol. Or in other words you can slapadd entries to the database without having the slapd daemon running. The best documentation for these commands are the man pages that are delivered with OpenLDAP, i.e. 'man slapadd' and 'man ldapadd'.
- When using commands & configuring ldap.conf, can I use an IP address
instead of an FQDN for the host URI?
Yes.
- Do self-signed certificates break ldapadd?
No.
- I'm running with an SSL certificate, but no TLS. I commonly get the error "Confidentiality Required." The -Z option is for TLS. How do I tell ldapadd that I'm using SSL only? I tried with -Hldaps://hostname:636, but then I get "ldap_sasl_bind(SIMPLE): Can't connect to LDAP server" (even if I use the -x option). I know that the ldap server is running because when ldapd is running, I can connect with external tools such as jxplorer or ldap-at (but trying to make changes to my database will crash both of those utilities).
You probably should drop back and get a working ldap server first with a minimum amount of data. It will make the changes that you make to support secure connections to the directory simpler to test. It is also useful to run the server interactively in debug mode so you can see what is happening. On a debian system you would use the command:
/usr/sbin/slapd -d 1
When you are testing it makes a lot of sense to use ldapsearch as your first client.
Bill
--
Bill MacAllister Infrastructure Delivery Group, Stanford University