Hello.
I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.
I did not find help/user list. So post here.
Where can I find working documentation for OpenLDAP?
Most current I found:
https://www.openldap.org/doc/admin24/quickstart.html
It says nothing of TLS encryption. I fail to start service
See output below:
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.
Where can I submit errata to documentation maintainer? (as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)
And how can I start SLAPD without encryption?
I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.
Thanks in advance
Dmitri
Please ignore last message.
Apparently I have 2 hands, but both are left hands. (freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd')
Can anyone suggest good book for administration of OpenLDAP on Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.
Thanks!
Dmitri
-------- Forwarded Message --------
Subject: any working documentation?
Date: Mon, 19 Aug 2019 20:26:28 +0100
From: Dmitri Seletski drjoms@gmail.com
To: openldap-technical@openldap.org
There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-serv...
I would say try them all, get a feel for it and install/configure it for your needs. OpenLDAP is great software with many really cool schemas to expand usage: https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html
Have fun!
On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski drjoms@gmail.com wrote:
> Please ignore last message.
> Apparently I have 2 hands, but both are left hands. (freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd')
> Can anyone suggest good book for administration of OpenLDAP on Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.
> Thanks!
> Dmitri
Thank you very much for your response Dave.
As per second link, I was able to create working copy of LDAP server, that did not crash on me complaining about encryption.
So I can recreate working environment. I am not seeking to be able to mindlessly copy someone's config files and start service as 'my own'.
Can someone suggest PDF book (which I am willing to buy, even if it's expensive, eastern European paying money for digital property, I know, right?) or some other non DRM book?
Something that will give me good insight on LDAP.
Thank you in advance.
Dmitri Seletski
On 20/08/2019 13:32, Dave Macias wrote:
> There are a lot of great tutorials out there too:
> https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
> https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-serv...
> I would say try them all, get a feel for it and install/configure it for your needs. OpenLDAP is great software with many really cool schemas to expand usage: https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html
> Have fun!
Dmitri Seletski drjoms@gmail.com wrote on 20.08.2019 at 18:39 in message 8cb57eed-9577-6df9-2295-8958f04e7a15@gmail.com:
> Thank you very much for your response Dave.
> As per second link, I was able to create working copy of LDAP server, that did not crash on me complaining about encryption.
> So I can recreate working environment. I am not seeking to be able to mindlessly copy someone's config files and start service as 'my own'.
> Can someone suggest PDF book (which I am willing to buy, even if it's expensive, eastern European paying money for digital property, I know, right?) or some other non DRM book?
> Something that will give me good insight on LDAP.
Years ago there was an IBM Redbook named "Understanding LDAP Design and Implementation". Maybe it's still available. You could use that as a start.
Regards, Ulrich
> Thank you in advance.
> Dmitri Seletski
> On 20/08/2019 13:32, Dave Macias wrote:
>> There are a lot of great tutorials out there too: https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
>> https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-serv... r-configuration-centos-7-rhel-7.html
>> I would say try them all, get a feel for it and install/configure it for your needs. OpenLDAP is great software with many really cool schemas to expand usage: https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html
>> Have fun!
http://www.openldap.org/doc/admin24/tls.html
And maybe something like this: https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc...
-----Original Message-----
From: Dmitri Seletski [mailto:drjoms@gmail.com]
Sent: Monday 19 August 2019 21:26
To: openldap-technical@openldap.org
Subject: any working documentation?
On Mon, 19 Aug 2019 20:26:28 +0100, Dmitri Seletski drjoms@gmail.com wrote:
> Hello.
> I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.
> I did not find help/user list. So post here.
> Where can I find working documentation for OpenLDAP?
> Most current I found:
> https://www.openldap.org/doc/admin24/quickstart.html
> It says nothing of TLS encryption. I fail to start service
> See output below:
It seems you use MOZNSS instead of OpenSSL, check slapd for the built-in SSL library.
> Where can I submit errata to documentation maintainer? (as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)
That is most likely because of MOZNSS in an OpenSSL environment or vice versa.
> And how can I start SLAPD without encryption?
Just disable TLS in slapd.conf and ldap.conf
[...]
-Dieter
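An added example, not part of the original thread or of OpenLDAP itself: a shell pre-flight check for the failure in the log above, where an OpenSSL build tries to open the certificate setting `OpenLDAP Server` as a file. It assumes the settings are stored as olcTLS* attributes in a cn=config LDIF file; the sample files, scratch paths and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of slapd TLS settings for an OpenSSL build.
# Handles plain single-line "attr: value" LDIF lines only (no folding, no base64).

# check_tls_ldif FILE -> prints "OK attr" or "BAD attr: reason"; returns 1 on any BAD.
check_tls_ldif() {
    local ldif=$1 rc=0 line attr value
    while IFS= read -r line; do
        case $line in
            olcTLSCertificateFile:*|olcTLSCertificateKeyFile:*) ;;
            olcTLSCACertificateFile:*|olcTLSCACertificatePath:*) ;;
            *) continue ;;
        esac
        attr=${line%%:*}
        value=${line#*:}
        value=${value# }                      # space after the colon
        value=${value#\"}; value=${value%\"}  # optional surrounding quotes
        if [ "$attr" = olcTLSCACertificatePath ]; then
            if [ -d "$value" ]; then
                echo "OK $attr"
            else
                echo "BAD $attr: '$value' is not a directory"; rc=1
            fi
        elif [ ! -f "$value" ]; then
            # OpenSSL fopen()s this value; an NSS nickname fails here.
            echo "BAD $attr: '$value' is not a file"; rc=1
        elif ! grep -q -- '-----BEGIN ' "$value"; then
            echo "BAD $attr: '$value' is not PEM"; rc=1
        else
            echo "OK $attr"
        fi
    done < "$ldif"
    return "$rc"
}

# Constructed sample data: the values from the log in this thread, rooted in a
# scratch directory instead of /etc/openldap, plus a PEM-based variant.
make_samples() {
    local d=$1
    mkdir -p "$d/certs"
    echo 'constructed-nss-password' > "$d/certs/password"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'x' > "$d/certs/server.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'x' > "$d/certs/server.key"
    cat > "$d/nss-style.ldif" <<EOF
dn: cn=config
olcTLSCACertificatePath: $d/certs
olcTLSCertificateFile: OpenLDAP Server
olcTLSCertificateKeyFile: $d/certs/password
EOF
    cat > "$d/pem-style.ldif" <<EOF
dn: cn=config
olcTLSCACertificatePath: $d/certs
olcTLSCertificateFile: $d/certs/server.crt
olcTLSCertificateKeyFile: $d/certs/server.key
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_tls_ldif "$demo_dir/nss-style.ldif" || echo "=> slapd would fail TLS init"
check_tls_ldif "$demo_dir/pem-style.ldif" && echo "=> paths usable"
rm -rf "$demo_dir"
```

The key file check also catches the second problem visible in the log: `keyfile` points at an NSS password file, which exists but is not a PEM private key.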