Hi,
I have a problem with the configuration of the Chain Overlay. Provider and Consumer are identical
CentOS release 6.5
rpm -qa | grep ldap
openldap-clients-2.4.23-34.el6_5.1.x86_64
openldap-2.4.23-34.el6_5.1.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
nss-pam-ldapd-0.7.5-18.2.el6_4.x86_64
mod_authz_ldap-0.26-16.el6.x86_64
pam_ldap-185-11.el6.x86_64
openldap-servers-2.4.23-34.el6_5.1.x86_64
On the Consumer I imported the ldif file:
dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: FALSE
and I created the file:
/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend/olcOverlay={1}chain.ldif
and after that I cannot understand what to do. I've read a few things on the internet but have not been able to arrive at a solution. I tried to import the ldif file:
dn: olcDatabase=ldap,olcOverlay={1}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: ldap
olcDbURI: "ldap://ldpsoc01devpom.sociale.it"
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="uid=pippo,ou=admin_esercizio,ou=Utenze_Amministratori,dc=sociale,dc=it" credentials="*******" keepalive=0:0:0
olcDbIDAssertAuthzFrom: *
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
but when I try to import it, I get the following error:
ldapadd -d 5 -H ldap://localhost:389 -x -W -D "cn=admin,cn=config" -f chaing_entry.ldif
res_errno: 32, res_error: <>, res_matched: <olcDatabase={-1}frontend,cn=config>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_add: No such object (32)
        matched DN: olcDatabase={-1}frontend,cn=config
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed
I do not know what to do!!!!
My problem is that I use the Consumer LDAP for authentication of some applications, and if a user fails the password more than 5 times, the user should be blocked; but since the Consumer LDAP is read-only, the locking is not done!!!
HELP !!!
Ing. Stefano Elmopi
Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio
Via Ostiense 131/L Corpo B, 00154 Roma
cell. 3466147165 tel. 0657060500
email: stefano.elmopi@sociale.it
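A worked check for the "No such object (32)" result in the post above, added here as an example; it is not part of the original message. When slapd answers noSuchObject it places the longest suffix of the requested DN that does exist in matchedDN (RFC 4511), so a matchedDN of olcDatabase={-1}frontend,cn=config says the running server has no entry olcOverlay={1}chain under the frontend, whatever files exist under slapd.d (a running slapd only knows entries loaded at startup or added through LDAP). The script compares the two DNs to name the missing RDNs, then parses ldapsearch output for the frontend subtree to find the overlay's real DN. The ldapsearch output it parses is constructed for this example and shows the overlay registered as {0}chain; the DN splitting assumes no escaped commas, which holds for cn=config.

```python
# Added example, not from the original post: interpret an LDAP
# noSuchObject result and locate the chain overlay's real DN before
# adding the olcDatabase=ldap entry beneath it.
import re

def split_dn(dn):
    """Split a DN into RDN strings.  Simplification for this example:
    cn=config DNs contain no escaped commas, so a plain split is enough."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]

def missing_rdns(requested_dn, matched_dn):
    """RDNs of requested_dn (leftmost first) that the server does not know.

    The last element is the parent you must create, or the RDN whose
    {n} ordering index does not match what the server actually has."""
    req = split_dn(requested_dn)
    matched = split_dn(matched_dn)
    if matched and req[len(req) - len(matched):] != matched:
        raise ValueError("matchedDN is not a suffix of the requested DN")
    return req[:len(req) - len(matched)]

def unfold_ldif(text):
    """Join LDIF continuation lines (ldapsearch folds long lines onto a
    following line that starts with one space) so each attribute is one line."""
    return text.replace("\n ", "")

def find_overlay_dns(search_output, overlay):
    """DNs of every olcOverlay={n}<overlay> entry in ldapsearch LDIF output."""
    pattern = re.compile(r"^dn:\s*(olcOverlay=\{\d+\}" + re.escape(overlay) + r",\S+)$",
                         re.M)
    return pattern.findall(unfold_ldif(search_output))

def chain_db_dn(overlay_dn):
    """DN of the chained ldap database that must live under the chain overlay."""
    return "olcDatabase=ldap," + overlay_dn

# Constructed stand-in for the output of
#   ldapsearch -x -W -D "cn=admin,cn=config" -H ldap://localhost:389 \
#       -b "olcDatabase={-1}frontend,cn=config" dn
SAMPLE_SEARCH = """\
dn: olcDatabase={-1}frontend,cn=config

dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config

"""

if __name__ == "__main__":
    tried = "olcDatabase=ldap,olcOverlay={1}chain,olcDatabase={-1}frontend,cn=config"
    matched = "olcDatabase={-1}frontend,cn=config"
    print("RDNs the server does not know:", missing_rdns(tried, matched))
    for dn in find_overlay_dns(SAMPLE_SEARCH, "chain"):
        print("chain overlay is really at:", dn)
        print("so the ldap database entry needs dn:", chain_db_dn(dn))
```

Run the ldapsearch shown in the comment against the consumer, pass its output to find_overlay_dns(), and use chain_db_dn() as the dn: of the olcDatabase=ldap entry. Note that the credentials in olcDbIDAssertBind end up stored in cn=config, so the access rules for cn=config must keep that entry unreadable to ordinary users.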
Running openldap-2.4.31 on Ubuntu 14.04.1 LTS compiled with gnutls.

I created a local key and CSR using certtool:

server.csr
server.key

I was then issued the following from Network Solutions:

AddTrustExternalCARoot.crt
hostname.domain.com.crt
NetworkSolutions_CA.crt
UTNAddTrustServer_CA.crt

I added the following to slapd.conf:

TLSCertificateFile /etc/ldap/certs/hostname.domain.com.crt
TLSCertificateKeyFile /etc/ldap/certs/server.key
TLSCACertificateFile /etc/ldap/certs/NetworkSolutions_CA.crt

...and I now get the following error when I try to start slapd:

Oct 20 10:49:58 hostname slapd[3476]: main: TLS init def ctx failed: -1
Can someone point me in the right direction as to what I am missing here?
--On Monday, October 20, 2014 12:12 PM -0700 Jeff Lebo jeflebo@outlook.com wrote:
Running openldap-2.4.31 on Ubuntu 14.04.1 LTS compiled with gnutls.
I strongly advise you to get a current OpenLDAP build, linked to OpenSSL, rather than wasting time on the broken bits shipped by Ubuntu.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
On 10/20/14 11:12 -0700, Jeff Lebo wrote:
Running openldap-2.4.31 on Ubuntu 14.04.1 LTS compiled with gnutls.
I created a local key and CSR using certtool:
server.csr server.key
I was then issued the following from Network Solutions:
AddTrustExternalCARoot.crt hostname.domain.com.crt NetworkSolutions_CA.crt UTNAddTrustServer_CA.crt
I added the following to slapd.conf:
TLSCertificateFile /etc/ldap/certs/hostname.domain.com.crt
TLSCertificateKeyFile /etc/ldap/certs/server.key
TLSCACertificateFile /etc/ldap/certs/NetworkSolutions_CA.crt
...and I now get the following error when I try to start slapd:
Oct 20 10:49:58 hostname slapd[3476]: main: TLS init def ctx failed: -1
Can someone point me in the right direction as to what I am missing here?
Google for "TLS init def ctx failed: -1". A common cause of this error is a permissions problem.
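The permissions cause named in the reply above can be checked before restarting slapd. The script below is an added example, not from the thread: it looks at the three files from the slapd.conf lines in the post and reports a file that the daemon's unprivileged user cannot read (on Debian and Ubuntu slapd runs as the openldap user, an assumption stated here; a key generated as root with mode 0600 is the classic case) or a file that is not PEM-encoded. It creates its own copies of the three files, with constructed contents, in a temporary directory so it runs offline, and the uid arithmetic in demo() stands in for the openldap user.

```python
# Added example, not from the thread: pre-flight checks on the files named
# by TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile.
# Two frequent reasons slapd logs "TLS init def ctx failed: -1" are a file
# the daemon's unprivileged user cannot open and a file that is not PEM.
# Assumption: slapd runs as the user "openldap" (Debian/Ubuntu packaging).
# The files checked below are constructed copies in a temporary directory.
import os
import re
import stat
import tempfile

def readable_by(path, uid, gids):
    """Can a process with this uid and these group ids read path?
    Judged from owner, group and mode bits only.  Root bypasses all of this,
    which is why "it opens fine as root" proves nothing about the daemon."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def pem_blocks(path):
    """Labels of the PEM blocks in a file, e.g. ['CERTIFICATE'].
    Empty means DER output (certtool --outder) or not a PEM file at all.
    Run as root so the file can be opened even when the daemon cannot."""
    with open(path, "rb") as f:
        data = f.read()
    return [m.decode() for m in re.findall(rb"-----BEGIN ([A-Z ]+)-----", data)]

def check_tls_files(cert, key, ca, uid, gids):
    """Return a list of problems for the three slapd TLS files; [] means OK."""
    problems = []
    for directive, path in (("TLSCertificateFile", cert),
                            ("TLSCertificateKeyFile", key),
                            ("TLSCACertificateFile", ca)):
        if not os.path.isfile(path):
            problems.append("%s: %s does not exist" % (directive, path))
            continue
        if not readable_by(path, uid, gids):
            problems.append("%s: %s is not readable by uid %d" % (directive, path, uid))
        blocks = pem_blocks(path)
        if not blocks:
            problems.append("%s: %s contains no PEM blocks" % (directive, path))
        elif directive == "TLSCertificateKeyFile":
            if not any("PRIVATE KEY" in b for b in blocks):
                problems.append("%s: %s is PEM but holds no private key" % (directive, path))
            if os.stat(path).st_mode & stat.S_IROTH:
                # does not stop slapd from starting, but the key is secret material
                problems.append("%s: %s is world-readable" % (directive, path))
        elif "CERTIFICATE" not in blocks:
            problems.append("%s: %s holds no CERTIFICATE block" % (directive, path))
    return problems

def demo_dir():
    """Build a throw-away look-alike of /etc/ldap/certs with constructed
    PEM bodies (not real keys or certificates) and typical modes."""
    d = tempfile.mkdtemp()
    cert = os.path.join(d, "hostname.domain.com.crt")
    key = os.path.join(d, "server.key")
    ca = os.path.join(d, "NetworkSolutions_CA.crt")
    fake_cert = "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
    fake_key = ("-----BEGIN RSA PRIVATE KEY-----\nMIIE...constructed...\n"
                "-----END RSA PRIVATE KEY-----\n")
    for path, body, mode in ((cert, fake_cert, 0o644), (key, fake_key, 0o600),
                             (ca, fake_cert, 0o644)):
        with open(path, "w") as f:
            f.write(body)
        os.chmod(path, mode)
    return cert, key, ca

def demo():
    """Run the checks twice: as the file owner (everything passes) and as an
    unrelated uid standing in for openldap, which cannot read the 0600 key."""
    cert, key, ca = demo_dir()
    owner = os.getuid()
    as_owner = check_tls_files(cert, key, ca, owner, {os.getgid()})
    as_daemon = check_tls_files(cert, key, ca, owner + 1, set())
    return as_owner, as_daemon

if __name__ == "__main__":
    as_owner, as_daemon = demo()
    print("as owner:", as_owner or "no problems")
    print("as daemon:", as_daemon or "no problems")
```

For the real files, call check_tls_files() with the uid and group ids of the openldap account (pwd.getpwnam and the grp module give you both) rather than the arithmetic in demo(). The CA file check only confirms PEM encoding; if clients later fail to validate the chain, the issuer's intermediates delivered with the certificate (the UTNAddTrustServer_CA.crt and AddTrustExternalCARoot.crt files in the post) may need to be concatenated into the file named by TLSCACertificateFile.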
openldap-technical@openldap.org