ldaps has been deprecated in favour of keeping all communication open only
at one port. try to use
Use above settings based on your client
I am using sssd client with following setting and it works on TLS.
config_file_version = 2
services = nss, pam, sudo
domains = default
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,ubuntu
pam_verbosity = 3
ldap_tls_reqcert = allow
auth_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = EXAMPLE.COM
ldap_group_member = uniquemember
id_provider = ldap
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=xxxx,dc=xxxx,dc=xxxx
netgroup_provider = ldap
ldap_netgroup_search_base = ou=Netgroup,dc=xxxx,dc=xxxx,dc=xxxx
ldap_id_use_start_tls = True
chpass_provider = ldap
ldap_uri = ldap://host1:389/,ldap://ldap2:389/,ldap://ldap3:389/
ldap_chpass_uri = ldap://host1:389/
cache_credentials = True
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(object)(object))
On Mon, Sep 8, 2014 at 10:58 AM, Vijay Ganesan <vijay(a)thoughtspot.com>
Thanks Ryan for pointing me to the right link. I've configured TLS
following those instructions.
But I can't seem to connect using ldaps://localhost:636 using Apache
Directory Studio client. I get a "Error while opening connection - Cannot
connect on the server: Connection refused" error.
I can connect fine using ldap://localhost:389.
What diagnostics can be run to figure out if TLS is working correctly?
On Sun, Sep 7, 2014 at 3:00 PM, Ryan Tandy <ryan(a)nardis.ca> wrote:
> The Ubuntu server guide has a chapter on setting up OpenLDAP, including a
> section on configuring TLS. Have you followed it?
> On 07/09/14 02:20 PM, Vijay Ganesan wrote:
>> 2. Added following entries to /usr/share/slapd/slapd.conf:
> Are you sure that's the right file? By default Ubuntu 12.04 uses
> LDAP-based configuration (cn=config) instead of a slapd.conf file; and even
> if it did, it would usually be found in /etc/ldap/slapd.conf and not in
Udai Singh Mehra
Infrastructure Engineering and Operations