OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
8:28 a.m.
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
9:09 a.m.
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French
<Warron.S.French(a)aero.org>wrote:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
*ldapmodify -x -D "cn=admin,cn=config" -W -d 256*
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
*ldap_result: Can't contact LDAP server (-1)*
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running a
while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
*Warron French, MBA, SCSA*
*The Aerospace Corporation*
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
9:09 a.m.
Please specify hostname in command.
On Fri, Jan 24, 2014 at 10:39 PM, Vikas Parashar <para.vikas(a)gmail.com>wrote:
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French <Warron.S.French(a)aero.org
> wrote:
> Low Sensitivity/Aerospace Internal Use Only
>
> Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
>
> Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
> (I don't know how to technically word that).
>
>
> Anyway, I need to make TLS-related changes and was told to do the
> following command:
>
> *ldapmodify -x -D "cn=admin,cn=config" -W -d 256*
>
> ...then at the blank line type the following, each on a single line:
>
> Dn: cn=config
> Changetype: modify
> Add: olcTLSCipherSuite
> OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> <CTRL-D>
>
>
> I have been getting an error reponse of:
> *ldap_result: Can't contact LDAP server (-1)*
>
> This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> slapd, is actually running, but after this failure it abruptly stops. I
> know this because in a separate terminal on the same system, I am running a
> while-loop with a ps -e | grep slapd in it.
>
>
> Please note the "-x" option according to the man page for ldapmodify is
> supposed to Use simple authentication instead of SASL.
>
>
> Thank you all for your help, hopefully you can:
>
> 1) tell me what this error means, and
> 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> need to implement.
>
>
>
>
>
> *Warron French, MBA, SCSA*
> *The Aerospace Corporation*
> Sr. UNIX SA & Storage Admin
> Mailstop: CH1-230
> Desk: 571-307-5311
> Cell: 703-967-8936
>
>
> Low Sensitivity/Aerospace Internal Use Only
10:07 a.m.
Low Sensitivity/Aerospace Internal Use Only
Hi Vikas, I have altered my command line to do the following now:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256 -h
wsf-LabLDAP.lab.aero.org -p 389 -P 3
I still get the exact same error, no change at all.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 12:09 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French <Warron.S.French(a)aero.org
wrote:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
11:33 a.m.
Hey,
Please check, below is working or not??
ldapsearch -w yourpassword -x -D cn=admin,cn=config -b cn=config
On Fri, Jan 24, 2014 at 11:37 PM, Warron S French
<Warron.S.French(a)aero.org>wrote:
Low Sensitivity/Aerospace Internal Use Only
Hi Vikas, I have altered my command line to do the following now:
*ldapmodify -x -D "cn=admin,cn=config" -W -d 256** -h
wsf-LabLDAP.lab.aero.org <http://wsf-LabLDAP.lab.aero.org> -p 389 -P 3*
I still get the exact same error, no change at all.
*Warron French, MBA, SCSA*
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 12:09 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French <
*Warron.S.French(a)aero.org* <Warron.S.French(a)aero.org>> wrote:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
* ldapmodify -x -D "cn=admin,cn=config" -W -d 256*
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
* ldap_result: Can't contact LDAP server (-1)*
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running a
while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
* Warron French, MBA, SCSA*
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
11:44 a.m.
Low Sensitivity/Aerospace Internal Use Only
I attempted that command verbatim, substituting my own password, but the
UNIX Bash SHELL does its substitution and part of my password uses '!9' in
it. That was not working at all.
However, instead of using "-w yourpassword" I substituted in " -W "
instead to get prompted at the command-line. That did work, and I got
tons of reasonable information back about the configuration.
To be clear, I used the following on the command line since the UNIX shell
wanted to substitute...
ldapsearch -W -x -D cn=admin,cn=config -b cn=config
I hope this gave you accurate feedback.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 02:33 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hey,
Please check, below is working or not??
ldapsearch -w yourpassword -x -D cn=admin,cn=config -b cn=config
On Fri, Jan 24, 2014 at 11:37 PM, Warron S French <
Warron.S.French(a)aero.org> wrote:
Low Sensitivity/Aerospace Internal Use Only
Hi Vikas, I have altered my command line to do the following now:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256 -h
wsf-LabLDAP.lab.aero.org -p 389 -P 3
I still get the exact same error, no change at all.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 12:09 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French <Warron.S.French(a)aero.org
wrote:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
1:44 p.m.
That's means everything is fine. Please try to use this..
*ldapmodify -W -x -D cn=admin,cn=config -b cn=config* -f
/tmp/abc.ldif
If it will not work. Then i will tell you another trick to short out this.
On Sat, Jan 25, 2014 at 1:14 AM, Warron S French
<Warron.S.French(a)aero.org>wrote:
Low Sensitivity/Aerospace Internal Use Only
I attempted that command verbatim, substituting my own password, but the
UNIX Bash SHELL does its substitution and part of my password uses '!9' in
it. That was not working at all.
However, instead of using "-w yourpassword" I substituted in " -W
"
instead to get prompted at the command-line. That did work, and I got tons
of reasonable information back about the configuration.
To be clear, I used the following on the command line since the UNIX shell
wanted to substitute...
*ldapsearch -W -x -D cn=admin,cn=config -b cn=config*
I hope this gave you accurate feedback.
*Warron French, MBA, SCSA*
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 02:33 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
Hey,
Please check, below is working or not??
ldapsearch -w yourpassword -x -D cn=admin,cn=config -b cn=config
On Fri, Jan 24, 2014 at 11:37 PM, Warron S French <
*Warron.S.French(a)aero.org* <Warron.S.French(a)aero.org>> wrote:
Low Sensitivity/Aerospace Internal Use Only
Hi Vikas, I have altered my command line to do the following now:
* ldapmodify -x -D "cn=admin,cn=config" -W -d 256 -h *
*wsf-LabLDAP.lab.aero.org* <http://wsf-labldap.lab.aero.org/>* -p 389 -P
3*
I still get the exact same error, no change at all.
* Warron French, MBA, SCSA*
From: Vikas Parashar <*para.vikas(a)gmail.com* <para.vikas(a)gmail.com>
>
To: Warron S French
<*Warron.S.French@aero.org*<Warron.S.French@aero.org>>,
Cc: *openldap-technical@openldap.org*<openldap-technical@openldap.org>
Date: 01/24/2014 12:09 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French <
*Warron.S.French(a)aero.org* <Warron.S.French(a)aero.org>> wrote:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
* ldapmodify -x -D "cn=admin,cn=config" -W -d 256*
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
* ldap_result: Can't contact LDAP server (-1)*
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running a
while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
* Warron French, MBA, SCSA*
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
5:11 a.m.
Low Sensitivity/Aerospace Internal Use Only
Thanks Vikas, but the command as you provided it does not syntactically
work. The -b option is not valid with ldapmodify or ldapadd.
So, I reran the command without the -b option and it too failed, with the
original error I was getting:
ldap_result: Can't contact LDAP server (-1)
Thanks again,
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 04:44 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
That's means everything is fine. Please try to use this..
ldapmodify -W -x -D cn=admin,cn=config -b cn=config -f
/tmp/abc.ldif
If it will not work. Then i will tell you another trick to short out this.
On Sat, Jan 25, 2014 at 1:14 AM, Warron S French <Warron.S.French(a)aero.org
wrote:
Low Sensitivity/Aerospace Internal Use Only
I attempted that command verbatim, substituting my own password, but the
UNIX Bash SHELL does its substitution and part of my password uses '!9' in
it. That was not working at all.
However, instead of using "-w yourpassword" I substituted in " -W "
instead to get prompted at the command-line. That did work, and I got
tons of reasonable information back about the configuration.
To be clear, I used the following on the command line since the UNIX shell
wanted to substitute...
ldapsearch -W -x -D cn=admin,cn=config -b cn=config
I hope this gave you accurate feedback.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 02:33 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hey,
Please check, below is working or not??
ldapsearch -w yourpassword -x -D cn=admin,cn=config -b cn=config
On Fri, Jan 24, 2014 at 11:37 PM, Warron S French <
Warron.S.French(a)aero.org wrote:
Low Sensitivity/Aerospace
Internal Use Only
Hi Vikas, I have altered my command line to do the following now:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256 -h
wsf-LabLDAP.lab.aero.org -p 389 -P 3
I still get the exact same error, no change at all.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/24/2014 12:09 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
That error is clearly saying. "unable to connect" that's mean you need to
pass host as well..
On Fri, Jan 24, 2014 at 9:58 PM, Warron S French <Warron.S.French(a)aero.org
wrote:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
11:33 p.m.
New subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
>> Warron S French <Warron.S.French(a)aero.org> schrieb am
24.01.2014 um 17:28 in
Nachricht
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20(a)notes.aero.org>:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops. I
know this because in a separate terminal on the same system, I am running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
5:16 a.m.
New subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different
error. And I don't know if it makes any difference, but I don't have TLS
configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif
I got the following error in response:
ldap_initialize( <DEFAULT> )
ldap_start_tls: Protocol error (2)
Additional info: unsupported extended operation
Thanks for the help,
Warron French, MBA, SCSA
From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de>
To: "Warron S French" <Warron.S.French(a)aero.org>,
<openldap-technical(a)openldap.org>,
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
>> Warron S French <Warron.S.French(a)aero.org> schrieb am
24.01.2014 um
17:28 in
Nachricht
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20(a)notes.aero.org>:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config
setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops.
I
know this because in a separate terminal on the same system, I am
running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
6:24 a.m.
New subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
Sorry! that was the typo. -b for the base only. In ldap modify, you don't
need to use -b.
You can do the same thing with slapd.conf file. later on, you can create a
slapd.d directory with the help of slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration({0}config.ldif)
file under slapd.d/cn=conifg directory. you can replace it and resxtart the
service.
Or in current ldapmodify, please run it with deeper debug level. You may
use -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French
<Warron.S.French(a)aero.org>wrote:
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different
error. And I don't know if it makes any difference, but I don't have TLS
configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
*ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f
/tmp/LDAP-CONFIG-TLS.ldif*
I got the following error in response:
*ldap_initialize( <DEFAULT> )*
*ldap_start_tls: Protocol error (2)*
* Additional info: unsupported extended operation*
Thanks for the help,
*Warron French, MBA, SCSA*
From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de>
To: "Warron S French" <Warron.S.French(a)aero.org>, <
openldap-technical(a)openldap.org>,
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
>>> Warron S French <Warron.S.French(a)aero.org> schrieb am 24.01.2014 um
17:28 in
Nachricht
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20(a)notes.aero.org
>:
> Low Sensitivity/Aerospace Internal Use Only
>
> Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
>
> Someone suggested I implement a cn=admin,cn=config for a cn=config
setup.
> (I don't know how to technically word that).
>
>
> Anyway, I need to make TLS-related changes and was told to do the
> following command:
>
> ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
>
> ...then at the blank line type the following, each on a single line:
>
> Dn: cn=config
> Changetype: modify
> Add: olcTLSCipherSuite
> OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> <CTRL-D>
>
>
> I have been getting an error reponse of:
> ldap_result: Can't contact LDAP server (-1)
>
> This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> slapd, is actually running, but after this failure it abruptly stops. I
> know this because in a separate terminal on the same system, I am
running
> a while-loop with a ps -e | grep slapd in it.
>
>
> Please note the "-x" option according to the man page for ldapmodify is
> supposed to Use simple authentication instead of SASL.
>
>
> Thank you all for your help, hopefully you can:
>
> 1) tell me what this error means, and
> 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> need to implement.
>
>
>
>
>
> Warron French, MBA, SCSA
> The Aerospace Corporation
> Sr. UNIX SA & Storage Admin
> Mailstop: CH1-230
> Desk: 571-307-5311
> Cell: 703-967-8936
>
>
> Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
6:49 a.m.
New subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Vikas, thanks for replying some more, but your last email is a little out
of context for me personally.
I did drop the -b argument (and the associated value) and still the slapd
daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB
Project OpenLDAP problem since no one else is chiming in with solutions
and troubleshooting.
As for the slaptest, it didn't generate any content into the slapd.d
directory at all. I mentioned this to the person I was collaborating with
since I am attempting to document a process from scratch-to-finish.
That same person suggested I attempt to use ApacheDirectoryStudio to
interact with the slapd and configurations. I just attempted to connect
to the cn=config ??Context?? And I was able to add an attribute (
olcTLSCipherSuite), but as soon as I attempted to add a value (
HIGH:MEDIUM+TLSv1+SSLv3) the connection dropped in ApacheDirectoryStudio.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de>,
openldap-technical(a)openldap.org
Date: 01/27/2014 09:24 AM
Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
Sorry! that was the typo. -b for the base only. In ldap modify, you don't
need to use -b.
You can do the same thing with slapd.conf file. later on, you can create a
slapd.d directory with the help of slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration({0}config.ldif)
file under slapd.d/cn=conifg directory. you can replace it and resxtart
the service.
Or in current ldapmodify, please run it with deeper debug level. You may
use -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French <Warron.S.French(a)aero.org
wrote:
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different
error. And I don't know if it makes any difference, but I don't have TLS
configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif
I got the following error in response:
ldap_initialize( <DEFAULT> )
ldap_start_tls: Protocol error (2)
Additional info: unsupported extended operation
Thanks for the help,
Warron French, MBA, SCSA
From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de>
To: "Warron S French" <Warron.S.French(a)aero.org>, <
openldap-technical(a)openldap.org>,
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
>> Warron S French <Warron.S.French(a)aero.org> schrieb am
24.01.2014 um
17:28 in
Nachricht
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20(a)notes.aero.org
:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config
setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops.
I
know this because in a separate terminal on the same system, I am
running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
8:28 a.m.
New subject: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) result.c:813 --- Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
LTB-Project.org or OpenLDAP.org developers, please help:
I am still having problems with adding (via .ldif file) the following LDIF
file contents of /tmp/LDAP-CONFIG-TLS.ldif:
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:\!EXP:\!MD5:\!NULL (<- not sure if
that argument is valid for that CipherSuite selection either)
I use the following ldapmodify command:
ldapmodify -x -D "cn=admin,cn=config" -W -f
/tmp/LDAP-CONFIG-TLS.ldif
Because I have debugging turned up (to -d 32768), the results now look
like:
modifying entry "cn=config"
52e68423 connection_input: conn=1000 deferring operation: binding
slapd: result.c:813: slap_send_ldap_result: Assertion `!((rs->sr_err)<0)'
failed.
ldap_result: Can't contact LDAP server (-1)
I saw a thread on openldap.org on the following link,
http://www.openldap.org/lists/openldap-bugs/201308/msg00066.html , that
has the exact same error. I can see that Howard Chu from Symas fixed the
problem for Symas, did LTB Project fix this problem? I cannot find any
threads via websearch for this issue.
What do I need to do in order to get my LDAP running with TLS?
Warron French, MBA, SCSA
From: Warron S French <Warron.S.French(a)aero.org>
To: Vikas Parashar <para.vikas(a)gmail.com>,
Cc: Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de>,
openldap-technical(a)openldap.org
Date: 01/27/2014 10:19 AM
Subject: [WARNING: SPOOFED E-MAIL--Non-Aerospace Sender] Re: Antw:
OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) ---
Low Sensitivity/Aerospace Internal Use Only
Sent by: openldap-technical-bounces(a)OpenLDAP.org
Low Sensitivity/Aerospace Internal Use Only
Vikas, thanks for replying some more, but your last email is a little out
of context for me personally.
I did drop the -b argument (and the associated value) and still the slapd
daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB
Project OpenLDAP problem since no one else is chiming in with solutions
and troubleshooting.
As for the slaptest, it didn't generate any content into the slapd.d
directory at all. I mentioned this to the person I was collaborating with
since I am attempting to document a process from scratch-to-finish.
That same person suggested I attempt to use ApacheDirectoryStudio to
interact with the slapd and configurations. I just attempted to connect
to the cn=config ??Context?? And I was able to add an attribute (
olcTLSCipherSuite), but as soon as I attempted to add a value (
HIGH:MEDIUM+TLSv1+SSLv3) the connection dropped in ApacheDirectoryStudio.
Warron French, MBA, SCSA
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de>,
openldap-technical(a)openldap.org
Date: 01/27/2014 09:24 AM
Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
Sorry! that was the typo. -b for the base only. In ldap modify, you don't
need to use -b.
You can do the same thing with slapd.conf file. later on, you can create a
slapd.d directory with the help of slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration({0}config.ldif)
file under slapd.d/cn=conifg directory. you can replace it and resxtart
the service.
Or in current ldapmodify, please run it with deeper debug level. You may
use -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French <Warron.S.French(a)aero.org
wrote:
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different
error. And I don't know if it makes any difference, but I don't have TLS
configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif
I got the following error in response:
ldap_initialize( <DEFAULT> )
ldap_start_tls: Protocol error (2)
Additional info: unsupported extended operation
Thanks for the help,
Warron French, MBA, SCSA
From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de>
To: "Warron S French" <Warron.S.French(a)aero.org>, <
openldap-technical(a)openldap.org>,
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
>> Warron S French <Warron.S.French(a)aero.org> schrieb am
24.01.2014 um
17:28 in
Nachricht
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20(a)notes.aero.org
:
Low Sensitivity/Aerospace Internal Use Only
Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
Someone suggested I implement a cn=admin,cn=config for a cn=config
setup.
(I don't know how to technically word that).
Anyway, I need to make TLS-related changes and was told to do the
following command:
ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
...then at the blank line type the following, each on a single line:
Dn: cn=config
Changetype: modify
Add: olcTLSCipherSuite
OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
<CTRL-D>
I have been getting an error reponse of:
ldap_result: Can't contact LDAP server (-1)
This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
slapd, is actually running, but after this failure it abruptly stops.
I
know this because in a separate terminal on the same system, I am
running
a while-loop with a ps -e | grep slapd in it.
Please note the "-x" option according to the man page for ldapmodify is
supposed to Use simple authentication instead of SASL.
Thank you all for your help, hopefully you can:
1) tell me what this error means, and
2) how to fix my problem so that I can complete the olcTLSxxxx changes I
need to implement.
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
10:48 a.m.
New subject: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) result.c:813 --- Low Sensitivity/Aerospace Internal Use Only
--On Monday, January 27, 2014 11:28 AM -0500 Warron S French
<Warron.S.French(a)aero.org> wrote:
Low Sensitivity/Aerospace Internal Use Only
LTB-Project.org or OpenLDAP.org developers, please help:
I am still having problems with adding (via .ldif file) the following
LDIF file contents of /tmp/LDAP-CONFIG-TLS.ldif:
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:\!EXP:\!MD5:\!NULL (<- not sure if
that argument is valid for that CipherSuite selection either)
I use the following ldapmodify command:
ldapmodify -x -D "cn=admin,cn=config" -W -f
/tmp/LDAP-CONFIG-TLS.ldif
Because I have debugging turned up (to -d 32768), the results now look
like:
modifying entry "cn=config"
52e68423 connection_input: conn=1000 deferring operation: binding
slapd: result.c:813: slap_send_ldap_result: Assertion
`!((rs->sr_err)<0)' failed.
ldap_result: Can't contact LDAP server (-1)
This means you triggered an assertion, which caused slapd to exit. I
suggest you file an ITS (http://www.openldap.org/its)
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
12:37 p.m.
New subject: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) result.c:813 --- Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Hello still getting the exact same Assertion and slapd: result.c:813:
error, only now with OpenLDAP-2.4.39 running instead of OpenLDAP-2.4.38.
I run the following command:
ldapmodify -x -D "cn=admin,cn=config" -W -f /tmp/LDAP-CONFIG-TLS.ldif -v
-d 32768
/tmp/LDAP-CONFIG-TLS.ldif contains:
dn: cn=config
changetype: modify
Add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:\!EXP:\!MD5:\!NULL
I already have slapd running with the -d 32768 argument as well. Here is
the specific process with arguments according to ps -ef:
Ldap 26636 26597 0 15:10 pts/1 00:00:00
/usr/local/openldap/libexec/slapd -h ldap://*:389 ldaps://*:636 -d
32768 -F /usr/local/openldap/etc/openldap/slapd.d -u ldap -g ldap -l
local4
The output I receive as a result is:
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
add olcTLSCipherSuite:
TLSv1+RSA:\!EXP:\!MD5:\!NULL
modifying entry "cn=config"
slapd: result.c:813: slapd_send_ldap_result: Assertion `!((rs->sr_err)<0)'
failed.
ldap_result: Can't contact LDAP server (-1)
All I am trying to do is get TLS configured on the LDAP server in order
for clients to be able to connect over TLS.
Warron French, MBA, SCSA
From: Quanah Gibson-Mount <quanah(a)zimbra.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: openldap-technical(a)openldap.org
Date: 01/27/2014 01:58 PM
Subject: Re: OpenLDAP slapd problems - ldap_result: Can't contact
LDAP server (-1) result.c:813 --- Low Sensitivity/Aerospace Internal Use
Only
Sent by: openldap-technical-bounces(a)OpenLDAP.org
--On Monday, January 27, 2014 11:28 AM -0500 Warron S French
<Warron.S.French(a)aero.org> wrote:
Low Sensitivity/Aerospace Internal Use Only
LTB-Project.org or OpenLDAP.org developers, please help:
I am still having problems with adding (via .ldif file) the following
LDIF file contents of /tmp/LDAP-CONFIG-TLS.ldif:
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:\!EXP:\!MD5:\!NULL (<- not sure
if
that argument is valid for that CipherSuite selection either)
I use the following ldapmodify command:
ldapmodify -x -D "cn=admin,cn=config" -W -f
/tmp/LDAP-CONFIG-TLS.ldif
Because I have debugging turned up (to -d 32768), the results now look
like:
modifying entry "cn=config"
52e68423 connection_input: conn=1000 deferring operation: binding
slapd: result.c:813: slap_send_ldap_result: Assertion
`!((rs->sr_err)<0)' failed.
ldap_result: Can't contact LDAP server (-1)
This means you triggered an assertion, which caused slapd to exit. I
suggest you file an ITS (http://www.openldap.org/its)
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Low Sensitivity/Aerospace Internal Use Only
12:41 p.m.
New subject: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) result.c:813 --- Low Sensitivity/Aerospace Internal Use Only
--On Tuesday, February 04, 2014 3:37 PM -0500 Warron S French
<Warron.S.French(a)aero.org> wrote:
Low Sensitivity/Aerospace Internal Use Only
Hello still getting the exact same Assertion and slapd: result.c:813:
error, only now with OpenLDAP-2.4.39 running instead of OpenLDAP-2.4.38.
Yes, as I have explained to you multiple times now, the fix will be in
2.4.40, or you will need to rebuild 2.4.39 with the patch I linked to you.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
9:12 a.m.
New subject: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
Hi,
Vikas, thanks for replying some more, but your last email is a little out
of context for me personally.
That i can understand, may be i have moved in more depth.
I did drop the -b argument (and the associated value) and still the
slapd
daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB
Project OpenLDAP problem since no one else is chiming in with solutions and
troubleshooting.
Regret, but that issue is not a big one. I think, we are doing a silly
mistake somewhere.
As for the slaptest, it didn't generate *any* content into the
slapd.d
directory at all. I mentioned this to the person I was collaborating with
since I am attempting to document a process from scratch-to-finish.
slaptest is the utility that create slapd.d directory. I am worry, why it
is not working there.
That same person suggested I attempt to use ApacheDirectoryStudio to
interact with the slapd and configurations. I just attempted to connect to
the cn=config ??Context?? And I was able to add an attribute (
*olcTLSCipherSuite*), but as soon as I attempted to add a value (
*HIGH:MEDIUM+TLSv1+SSLv3*) the connection dropped in
ApacheDirectoryStudio.
*Warron French, MBA, SCSA*
From: Vikas Parashar <para.vikas(a)gmail.com>
To: Warron S French <Warron.S.French(a)aero.org>,
Cc: Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de>,
openldap-technical(a)openldap.org
Date: 01/27/2014 09:24 AM
Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
Hi,
Sorry! that was the typo. -b for the base only. In ldap modify, you don't
need to use -b.
You can do the same thing with slapd.conf file. later on, you can create a
slapd.d directory with the help of slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration({0}config.ldif)
file under slapd.d/cn=conifg directory. you can replace it and resxtart the
service.
Or in current ldapmodify, please run it with deeper debug level. You may
use -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French <
*Warron.S.French(a)aero.org* <Warron.S.French(a)aero.org>> wrote:
Low Sensitivity/Aerospace Internal Use Only
Ulrich, I attempted what you suggested as well, but I got back a different
error. And I don't know if it makes any difference, but I don't have TLS
configurations in place yet; that is what I am attempting to accomplish.
Anyway, after performing the following command:
* ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f
/tmp/LDAP-CONFIG-TLS.ldif*
I got the following error in response:
* ldap_initialize( <DEFAULT> )*
* ldap_start_tls: Protocol error (2)*
* Additional info: unsupported extended operation*
Thanks for the help,
* Warron French, MBA, SCSA*
From: "Ulrich Windl"
<*Ulrich.Windl@rz.uni-regensburg.de*<Ulrich.Windl@rz.uni-regensburg.de>
>
To: "Warron S French"
<*Warron.S.French@aero.org*<Warron.S.French@aero.org>>,
<*openldap-technical(a)openldap.org* <openldap-technical(a)openldap.org>>,
Date: 01/27/2014 02:34 AM
Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't
contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
------------------------------
>>> Warron S French <*Warron.S.French(a)aero.org*
<Warron.S.French(a)aero.org>>
schrieb am 24.01.2014 um 17:28 in
Nachricht
<
*OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org*<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org>
>:
> Low Sensitivity/Aerospace Internal Use Only
>
> Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
>
> Someone suggested I implement a cn=admin,cn=config for a cn=config
setup.
> (I don't know how to technically word that).
>
>
> Anyway, I need to make TLS-related changes and was told to do the
> following command:
>
> ldapmodify -x -D "cn=admin,cn=config" -W -d 256
Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"
>
> ...then at the blank line type the following, each on a single line:
>
> Dn: cn=config
> Changetype: modify
> Add: olcTLSCipherSuite
> OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> <CTRL-D>
>
>
> I have been getting an error reponse of:
> ldap_result: Can't contact LDAP server (-1)
>
> This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> slapd, is actually running, but after this failure it abruptly stops. I
> know this because in a separate terminal on the same system, I am
running
> a while-loop with a ps -e | grep slapd in it.
>
>
> Please note the "-x" option according to the man page for ldapmodify is
> supposed to Use simple authentication instead of SASL.
>
>
> Thank you all for your help, hopefully you can:
>
> 1) tell me what this error means, and
> 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> need to implement.
>
>
>
>
>
> Warron French, MBA, SCSA
> The Aerospace Corporation
> Sr. UNIX SA & Storage Admin
> Mailstop: CH1-230
> Desk: 571-307-5311
> Cell: 703-967-8936
>
>
> Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
Low Sensitivity/Aerospace Internal Use Only
3339
days inactive
3350
days old
openldap-technical@openldap.org
16 comments
4 participants
participants (4)
-
Quanah Gibson-Mount -
Ulrich Windl -
Vikas Parashar -
Warron S French