Tail –f /var/log/messages
Has most of the ldap messages,
You also may have a :

/var/log/localmessages

If you are running a client on the server machine, the client info will be mixed in with the server info on
/var/log/messages.
I believe you will only get the server [slapd] on localmessages

You have to choose either ldap [port 389] with tls,
Or
Ldaps [port 636]

I am assuming you have a tls_cacert and either a uri with ldap://... Or ldaps://
As appropriate, in /etc/ldap.conf of the client machine.


On 10/27/11 10:23 AM, "Daniel Qian" <daniel@up247solution.com> wrote:

  On 11-10-26 11:28 PM, Dan White wrote:
On 26/10/11 22:53 -0400, Braden McDaniel wrote:
 
I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In
 cn=config.ldif I have:
 
  olcTLSCACertificatePath: /etc/pki/nssdb
  olcTLSCertificateFile: endoframe
 
 I have used certutil to create a self-signed certificate:
 
  # certutil -d /etc/pki/nssdb -L
 
  Certificate Nickname Trust Attributes
  SSL,S/MIME,JAR/XPI
 
  endoframe Cu,Cu,Cu
 
 But this doesn't appear to be working:
 
  $ ldapsearch -H ldaps://rail -b dc=endoframe,dc=net -x -d1
  ldap_url_parse_ext(ldaps://rail)
  ldap_create
  ldap_url_parse_ext(ldaps://rail:636/??base)
  ldap_sasl_bind
  ldap_send_initial_request
  ldap_new_connection 1 1 0
  ldap_int_open_connection
  ldap_connect_to_host: TCP rail:636
  ldap_new_socket: 3
  ldap_prepare_socket: 3
  ldap_connect_to_host: Trying ::1 636
  ldap_pvt_connect: fd: 3 tm: -1 async: 0
  ldap_close_socket: 3
  ldap_new_socket: 3
  ldap_prepare_socket: 3
  ldap_connect_to_host: Trying 127.0.0.1:636
  ldap_pvt_connect: fd: 3 tm: -1 async: 0
  ldap_close_socket: 3
  ldap_err2string
  ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
 
 slapd is running:
 
  # systemctl status slapd.service
  slapd.service - LSB: starts and stopd OpenLDAP server daemon
  Loaded: loaded (/etc/rc.d/init.d/slapd)
  Active: active (running) since Wed, 05 Oct 2011 02:24:11 -0400; 3 weeks and 0 days ago
  Main PID: 1429 (slapd)
  CGroup: name=systemd:/system/slapd.service
  ¢| 1429 /usr/sbin/slapd -h ldap:/// -u ldap
 
 Any ideas of what I might be doing wrong, or where I should be looking
 to debug this?
 

 slapd was not started with the proper options to listen on ldaps:/// (port
 636).
 
 Your -h command line option should include it, e.g. '-h ldap:///
 ldaps:///'. See slapd(8) for more details.
 
 

 There is a control file on Fedora 15 for ldaps or tls
 
 cat /etc/sysconfig/ldap
 
 # Options of slapd (see man slapd)
 #SLAPD_OPTIONS=
 
 # At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
 #
 # Run slapd with -h "... ldap:/// ..."
 # yes/no, default: yes
 #SLAPD_LDAP=yes
 
 # Run slapd with -h "... ldapi:/// ..."
 # yes/no, default: no
 #SLAPD_LDAPI=no
 
 # Run slapd with -h "... ldaps:/// ..."
 # yes/no, default: no
 #SLAPD_LDAPS=no
 SLAPD_LDAPS=yes
 
 # Run slapd with -h "... $SLAPD_URLS ..."
 # This option could be used instead of previous three ones, but:
 # - it doesn't overwrite settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
 # - it isn't overwritten by settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
 # example: SLAPD_URLS="ldapi:///var/lib/ldap_root/ldapi ldapi:/// ldaps:///"
 # default: empty
 #SLAPD_URLS=""
 
 # Maximum allowed time to wait for slapd shutdown on 'service ldap stop' (in seconds)
 #SLAPD_SHUTDOWN_TIMEOUT=3
 
 # Parameters to ulimit, use to change system limits for slapd
 #SLAPD_ULIMIT_SETTINGS=""