Low Sensitivity/Aerospace Internal Use Only

Vikas, thanks for replying some more, but your last email is a little out of context for me personally.

I did drop the -b argument (and the associated value) and still the slapd daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB Project OpenLDAP problem since no one else is chiming in with solutions and troubleshooting.

As for the slaptest, it didn't generate any content into the slapd.d directory at all. I mentioned this to the person I was collaborating with since I am attempting to document a process from scratch-to-finish.

That same person suggested I attempt to use ApacheDirectoryStudio to interact with the slapd and configurations. I just attempted to connect to the cn=config "Context" and I was able to add an attribute (olcTLSCipherSuite), but as soon as I attempted to add a value (HIGH:MEDIUM+TLSv1+SSLv3) the connection dropped in ApacheDirectoryStudio.

Warron French, MBA, SCSA

From: Vikas Parashar <para.vikas@gmail.com>
To: Warron S French <Warron.S.French@aero.org>
Cc: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Date: 01/27/2014 09:24 AM
Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only

Hi,

Sorry! That was a typo. -b is for the base only. In ldapmodify, you don't need to use -b.

You can do the same thing with the slapd.conf file. Later on, you can create a slapd.d directory with the help of the slaptest command.

slaptest -f slapd.conf -F slapd.d

In this temporary directory, you will get a configuration ({0}config.ldif) file under the slapd.d/cn=config directory. You can replace it and restart the service.

Or, in the current ldapmodify, please run it with a deeper debug level. You may use the -d option for it.

On Mon, Jan 27, 2014 at 6:46 PM, Warron S French <Warron.S.French@aero.org> wrote:

Ulrich, I attempted what you suggested as well, but I got back a different error. And I don't know if it makes any difference, but I don't have TLS configurations in place yet; that is what I am attempting to accomplish.

Anyway, after performing the following command:

ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif

I got the following error in response:

ldap_initialize( <DEFAULT> )
ldap_start_tls: Protocol error (2)
Additional info: unsupported extended operation

Thanks for the help,

Warron French, MBA, SCSA

From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
To: "Warron S French" <Warron.S.French@aero.org>, <openldap-technical@openldap.org>
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only

>>> Warron S French <Warron.S.French@aero.org> wrote on 24.01.2014 at 17:28 in message <OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org>:
> Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
>
> Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
> (I don't know how to technically word that).
>
> Anyway, I need to make TLS-related changes and was told to do the
> following command:
>
> ldapmodify -x -D "cn=admin,cn=config" -W -d 256

Try "ldapmodify -ZZ -x -W -D cn=_your_admin_ -v -f _your_ldif_file"

>
> ...then at the blank line type the following, each on a single line:
>
> Dn: cn=config
> Changetype: modify
> Add: olcTLSCipherSuite
> OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> <CTRL-D>
>
> I have been getting an error response of:
> ldap_result: Can't contact LDAP server (-1)
>
> This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> slapd, is actually running, but after this failure it abruptly stops. I
> know this because in a separate terminal on the same system, I am running
> a while-loop with a ps -e | grep slapd in it.
>
> Please note the "-x" option according to the man page for ldapmodify is
> supposed to Use simple authentication instead of SASL.
>
> Thank you all for your help, hopefully you can:
>
> 1) tell me what this error means, and
> 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> need to implement.
>
> Warron French, MBA, SCSA
> The Aerospace Corporation
> Sr. UNIX SA & Storage Admin
> Mailstop: CH1-230
> Desk: 571-307-5311
> Cell: 703-967-8936
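
The following is an added example, not part of any message in this thread: a pre-flight check for the change record typed in the original post, run before it is sent to cn=config. It assumes the slapd build is linked against OpenSSL and that Python's ssl module uses a comparable OpenSSL; the function names are hypothetical, and the check does not diagnose the crash itself.

```python
import ssl

# The change record as typed in the thread (embedded here as sample input).
SAMPLE_LDIF = """\
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
"""

def parse_modify(ldif_text):
    """Parse a single-attribute LDIF modify record into a dict."""
    pairs = []
    for line in ldif_text.splitlines():
        if not line.strip() or line.startswith("#") or line.strip() == "-":
            continue  # skip blanks, comments and the "-" separator
        name, sep, value = line.partition(":")  # split at the first colon only
        if not sep:
            raise ValueError(f"not an LDIF line: {line!r}")
        pairs.append((name.strip(), value.strip()))
    if len(pairs) != 4:
        raise ValueError("expected dn, changetype, operation and one value line")
    (k_dn, dn), (k_ct, ct), (op, attr), (val_attr, value) = pairs
    if (k_dn.lower(), k_ct.lower(), ct.lower()) != ("dn", "changetype", "modify"):
        raise ValueError("record must start with dn: and changetype: modify")
    if op.lower() not in ("add", "replace", "delete"):
        raise ValueError(f"unknown modify operation {op!r}")
    # Attribute names are case-insensitive, but both lines must name the same one.
    if attr.lower() != val_attr.lower():
        raise ValueError(f"{op}: names {attr!r} but value line is {val_attr!r}")
    return {"dn": dn, "op": op.lower(), "attr": attr, "value": value}

def expand_ciphers(spec):
    """Return the suites the local OpenSSL selects for spec, or raise ValueError."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        raise ValueError(f"OpenSSL rejects {spec!r}: {exc}") from exc
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    change = parse_modify(SAMPLE_LDIF)
    print(change)
    for suite in expand_ciphers(change["value"]):
        print("  ", suite)
```

In an OpenSSL cipher string, ":" separates alternatives and "+" is a logical AND, so the second term above selects only suites that match MEDIUM, TLSv1 and SSLv3 together.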