Hi,

Something is amiss and I decided to rebuild from the start.

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on

#TLS_CACERT /etc/openldap/cacert.pem
#TLSCACertificateFile /etc/openldap/cacert.pem
#TLSCertificateFile /etc/openldap/server.crt
#TLSCertificateKeyFile /etc/openldap/private.key
ssl start_tls
TLS_REQCERT allow
BASE dc=joescompany,dc=com
URI ldap://127.0.0.1/

I start the ldap server and go to see if everything is ok.

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=joescompany,dc=com
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Should that second line even be there? Where in the world is it getting my-domain from? Is it a default? Thank you, P.
It's a default for TLS. I got it.
On Monday, September 9, 2019, 8:56:25 AM EDT, Paul Pathiakis pathiaki2@yahoo.com wrote:
--On Monday, September 9, 2019 2:38 PM +0000 Paul Pathiakis pathiaki2@yahoo.com wrote:
It's a default for TLS. I got it.
It means your server is configured with both of those naming contexts. It has nothing to do with TLS. OpenLDAP does not configure "default" domains, it's likely an artifact of whatever you installed.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
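Quanah's point is that the second naming context is a second database defined in the server's own configuration, typically left behind by the package. As an added check (not part of this thread), the script below maps each olcSuffix in cn=config to the olcDatabase entry that defines it and flags any suffix you did not intend to serve; it assumes slapd runs from cn=config (with a slapd.conf, grep its suffix directives instead) and runs here on a constructed LDIF sample.

```sh
#!/bin/sh
# Constructed sample standing in for the output of
#   ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=*)' olcSuffix
# on a host where a packaging-default database is still defined. Not real output.
SAMPLE_CONFIG_LDIF='dn: olcDatabase={1}mdb,cn=config
olcSuffix: dc=my-domain,dc=com

dn: olcDatabase={2}mdb,cn=config
olcSuffix: dc=joescompany,dc=com
'

# Read LDIF on stdin and map every olcSuffix to the database entry that
# defines it. Prints one "suffix<TAB>dn" line per database.
suffix_owners() {
    awk '
        /^dn: /        { dn = substr($0, 5) }
        /^olcSuffix: / { print substr($0, 12) "\t" dn }
    '
}

# Compare the suffixes found on stdin with the expected list given as
# arguments. Prints each unexpected suffix with the database that defines
# it and returns 1 if any was found, 0 otherwise.
unexpected_suffixes() {
    expected=" $* "
    suffix_owners | awk -F '\t' -v expected="$expected" '
        index(expected, " " $1 " ") == 0 {
            print "unexpected suffix " $1 " defined by " $2
            bad = 1
        }
        END { exit bad }
    '
}

# Against a live slapd (run as root on the LDAP host) the real check is:
#   ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=*)' olcSuffix \
#       | unexpected_suffixes dc=joescompany,dc=com
# Offline demonstration on the constructed sample:
printf '%s' "$SAMPLE_CONFIG_LDIF" | unexpected_suffixes dc=joescompany,dc=com \
    || echo "unexpected suffix found (exit $?): remove or intend that database"
```

The rootDSE query from the thread only tells you that a second context exists; this lookup tells you which database entry to delete or keep.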
openldap-technical@openldap.org