Hi Abdelkader,
I tried following link
It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of ssl. As client FQDN is not checked in this againt.
On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
Did you remove the content of /path/to/slapd.d ?
On 20/08/2015 18:23, Aneela Saleem wrote:
55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"
On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela@platalytics.com> wrote:
5/ Imports the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
I get the following error:
slapadd: could not add entry dn="cn=config" (line=1):
_ 1.03% eta none elapsed none spd 4.2 M/s
Closing DB...
On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
There is something wrong with your setup.
On 19/08/2015 20:32, Aneela Saleem wrote:
Anyone there? Please help me getting out of this problem
On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela@platalytics.com> wrote:
this is my /etc/ldap/ldap.conf file:
On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela@platalytics.com> wrote:
Still I get following error:
modifying entry "cn=config"
ldap_result: Can't contact LDAP server (-1)
On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
Ok, retry the "ldapmodify" command using
On 18/08/2015 20:27, Aneela Saleem wrote:
I get following result
On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
Can you run
On 18/08/2015 20:11, Aneela Saleem wrote:
When I add below file i.e., ssl_mod.ldif
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
using following command:
ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
I get ldap_result: Can't contact LDAP server (-1) error.
Although LDAP is running. I can run following command i.e.,
ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
How can I make ldaps work?
On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela@platalytics.com> wrote:
Where can I find the logs?
On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote:
I wrote the above lines in olcDatabase={0}config.ldif file. When I restart slapd it fails.
On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote:
Which file do I need to write this in?
On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
# cn=config
On 18/08/2015 16:05, Aneela Saleem wrote:
I have no slapd.conf. I have cn=conf
On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
You can convert a slapd.conf to cn=config using slaptest
On 18/08/2015 15:51, Aneela Saleem wrote:
Thanks Michael and Abdelkader.
Abdelkader, the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution?
On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
or http://www.openldap.org/faq/data/cache/185.html
On 18/08/2015 15:41, Michael Ströder wrote:
Aneela Saleem wrote:
Can anyone please provide me some link for enabling "ldaps"
http://www.openldap.org/doc/admin24/tls.html
Ciao, Michael.
regards
slaptest -f path/to/slapd.conf -F path/to/slapd.d
dn: cn=config
objectClass: olcGlobal
cn: config
...
olcTLSCACertificateFile: /path/to/cacert
olcTLSCertificateFile: /path/to/cert
olcTLSCertificateKeyFile: /path/to/key
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
...
ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
1/ Stops your instance
2/ Exports your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
3/ Performs the modification directly on config.ldif
4/ Removes the old configuration
rm -rf /path/to/slapd.d/*
5/ Imports the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
6/ Starts your instance
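
The "TLS_REQCERT never" setting questioned at the top of this thread makes the client skip verification of the server certificate. The script below is an added example, not part of any message in the thread: it reads a client ldap.conf and reports the effective TLS_REQCERT level. The function names, the sample files and the ldaps://localhost:636 URI are constructed for illustration, and it assumes the last TLS_REQCERT line in a file is the one that takes effect.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the TLS_REQCERT level of an
# OpenLDAP client ldap.conf (the thread edits /etc/ldap/ldap.conf).

# Print the effective TLS_REQCERT level of the file in $1.
# ldap.conf keywords are case-insensitive and '#' starts a comment line.
# Assumption: when the option is repeated, the last occurrence is used.
# When it is absent, libldap defaults to "demand".
reqcert_level() {
    awk '
        /^[[:space:]]*#/ { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Print a one-line verdict for the file in $1; return 1 when the client
# would accept a server certificate it cannot verify.
audit_reqcert() {
    level=$(reqcert_level "$1")
    case "$level" in
        never) echo "FAIL never: server certificate is not requested or checked"; return 1 ;;
        allow) echo "FAIL allow: a bad server certificate is ignored"; return 1 ;;
        try)   echo "OK try: a bad server certificate ends the session"; return 0 ;;
        demand|hard) echo "OK $level: a valid server certificate is required"; return 0 ;;
        *)     echo "UNKNOWN $level: not a documented TLS_REQCERT level"; return 1 ;;
    esac
}

# Constructed sample files (not the poster's real configuration).
sample_dir=$(mktemp -d)
printf '%s\n' 'BASE dc=platalytics,dc=com' 'URI ldaps://localhost:636' \
    'TLS_REQCERT never' > "$sample_dir/weak.conf"
printf '%s\n' 'BASE dc=platalytics,dc=com' 'URI ldaps://localhost:636' \
    'TLS_CACERT /etc/ldap/cacert.pem' '#TLS_REQCERT never' \
    'tls_reqcert demand' > "$sample_dir/strict.conf"

# Report each sample; "|| true" keeps the loop going after a FAIL verdict.
for f in "$sample_dir/weak.conf" "$sample_dir/strict.conf"; do
    printf '%s: ' "${f##*/}"
    audit_reqcert "$f" || true
done
```

To check a real client, call audit_reqcert with the path of its ldap.conf; a non-zero return means the setting needs attention.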