On 26/10/11 22:53 -0400, Braden McDaniel wrote:
I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In cn=config.ldif I have:
olcTLSCACertificatePath: /etc/pki/nssdb olcTLSCertificateFile: endoframe
I have used certutil to create a self-signed certificate:
# certutil -d /etc/pki/nssdb -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI endoframe Cu,Cu,Cu
But this doesn't appear to be working:
$ ldapsearch -H ldaps://rail -b dc=endoframe,dc=net -x -d1 ldap_url_parse_ext(ldaps://rail) ldap_create ldap_url_parse_ext(ldaps://rail:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP rail:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying ::1 636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_close_socket: 3 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_close_socket: 3 ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
slapd is running:
# systemctl status slapd.service slapd.service - LSB: starts and stopd OpenLDAP server daemon Loaded: loaded (/etc/rc.d/init.d/slapd) Active: active (running) since Wed, 05 Oct 2011 02:24:11 -0400; 3 weeks and 0 days ago Main PID: 1429 (slapd) CGroup: name=systemd:/system/slapd.service └ 1429 /usr/sbin/slapd -h ldap:/// -u ldap
Any ideas of what I might be doing wrong, or where I should be looking to debug this?
slapd was not started with the proper options to listen on ldaps:/// (port 636).
Your -h command line option should include it, e.g. '-h ldap:/// ldaps:///'. See slapd(8) for more details.