Thank you very much for your response Dave.
As per second link, I was able to create working copy of LDAP server, that did not crash on me complaining about encryption.
So I can recreate working environment. I am not seeking to be able to mindlessly copy someone's config files and start service as 'my own'.
Can someone suggest PDF book(which I am willing to buy, even if it's expensive, eastern European paying money for digital property, I know, right?) or some other non DRM book?
Something that will give me good insight on LDAP.
Thank you in advance.
Dmitri Seletski
There are a lot of great tutorials out there too:
I would say try them all, get a feel for it and install/configure it for your needs.Openldap is a great software with many really cool schemas to expand usage
Have fun!
On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <drjoms@gmail.com> wrote:
Please ignore last message.
Apparently I have 2 hands, but both are left hands.(freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd')Can anyone suggest good book for administration of OpenLDAP on Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.
Thanks!
Dmitri
-------- Forwarded Message --------
Subject: any working documentation? Date: Mon, 19 Aug 2019 20:26:28 +0100 From: Dmitri Seletski <drjoms@gmail.com> To: openldap-technical@openldap.org
Hello.
I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.
I did not find help/user list. So post here.
Where can I find working documentation for OpenLDAP?
Most current i found:
https://www.openldap.org/doc/admin24/quickstart.html
It says nothing of TLS encryption. I fail to start service
See output below:
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.
Where can I submit errata to documentation maintainer?(as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)
And how can I start SLAPD without encryption?
I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.
Thanks in advance
Dmitri