Hi all,
Can anyone please provide me some link for enabling "ldaps"? I have followed many links but am continuously failing to do so. I have also tried "startTLS" but it's not compatible with Apache Knox. Any help would be appreciated.
Thanks
Aneela Saleem wrote:
> Can anyone please provide me some link for enabling "ldaps"
http://www.openldap.org/doc/admin24/tls.html
Ciao, Michael.
On 18/08/2015 15:41, Michael Ströder wrote:
> Aneela Saleem wrote:
>> Can anyone please provide me some link for enabling "ldaps"
> http://www.openldap.org/doc/admin24/tls.html
> Ciao, Michael.
or http://www.openldap.org/faq/data/cache/185.html
regards
Thanks Michael and Abdelkader.
Abdelkader, the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution?
On 18/08/2015 15:51, Aneela Saleem wrote:
> Thanks Michael and Abdelkader.
> Abdelkader, the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution?
You can convert a slapd.conf to cn=config using slaptest
slaptest -f path/to/slapd.conf -F path/to/slapd.d
I have no slapd.conf. I have cn=conf
On 18/08/2015 16:05, Aneela Saleem wrote:
> I have no slapd.conf. I have cn=conf
# cn=config
dn: cn=config
objectClass: olcGlobal
cn: config
...
olcTLSCACertificateFile: /path/to/cacert
olcTLSCertificateFile: /path/to/cert
olcTLSCertificateKeyFile: /path/to/key
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
...
Which file do I need to write this in?
I wrote the above lines in the olcDatabase={0}config.ldif file. When I restart slapd, it fails.
Where can I find the logs?
When I add the file below, i.e. ssl_mod.ldif:
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
using the following command:
ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
I get the ldap_result: Can't contact LDAP server (-1) error.
Although LDAP is running. I can run the following command, i.e.,
ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
How can I make ldaps work?
On 18/08/2015 20:11, Aneela Saleem wrote:
> When I add the file below, i.e. ssl_mod.ldif:
> dn: cn=config
> changetype: modify
> add: olcTLSCACertificateFile
> olcTLSCACertificateFile: /etc/ldap/cacert.pem
> -
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ldap/servercrt.pem
> -
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
> -
> add: olcTLSCipherSuite
> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
> using the following command:
> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
> I get the ldap_result: Can't contact LDAP server (-1) error.
> Although LDAP is running. I can run the following command, i.e.,
> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
> How can I make ldaps work?
Can you run
ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
I get the following result:
ldap_initialize( ldap://localhost:389/??base )
dn:cn=admin,cn=config
Result: Success (0)
On 18/08/2015 20:27, Aneela Saleem wrote:
> I get the following result:
> ldap_initialize( ldap://localhost:389/??base )
> dn:cn=admin,cn=config
> Result: Success (0)
Ok, retry the "ldapmodify" command using
ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
I still get the following error:
modifying entry "cn=config"
ldap_result: Can't contact LDAP server (-1)
This is my /etc/ldap/ldap.conf file:
BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem
Anyone there? Please help me get out of this problem.
On 19/08/2015 20:32, Aneela Saleem wrote:
> Anyone there? Please help me get out of this problem.
There is something wrong with your setup.
1/ Stops your instance
2/ Exports your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
3/ Performs the modification directly on config.ldif
4/ Removes the old configuration
rm -rf /path/to/slapd.d/*
5/ Imports the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
6/ Starts your instance
2/ Exports your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
I get the following error:
55d4f273 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah a.chelouah@gmail.com wrote:
On 19/08/2015 20:32, Aneela Saleem wrote:
Anyone there? Please help me getting out of this problem
On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem aneela@platalytics.com wrote:
this is my /etc/ldap/ldap.conf file:
BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem
On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem aneela@platalytics.com wrote:
Still I get following error:
modifying entry "cn=config"
ldap_result: Can't contact LDAP server (-1)
On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah a.chelouah@gmail.com wrote:
On 18/08/2015 20:27, Aneela Saleem wrote:
I get following result
ldap_initialize( ldap://localhost:389/??base )
dn:cn=admin,cn=config
Result: Success (0)
--On Thursday, August 20, 2015 3:19 AM +0500 Aneela Saleem aneela@platalytics.com wrote:
2/ Exports your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
i get the following error:
55d4f273 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
That's not an error, it is a warning.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Quanah Gibson-Mount
Sent: Wednesday, August 19, 2015 2:28 PM
To: Aneela Saleem; Abdelkader Chelouah
Cc: Michael Ströder; openldap-technical@openldap.org
Subject: Re: LDAP over SSL ( ldaps )
--On Thursday, August 20, 2015 3:19 AM +0500 Aneela Saleem aneela@platalytics.com wrote:
2/ Exports your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
i get the following error:
55d4f273 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
That's not an error, it is a warning.
----
And guaranteed to occur if you edit files within your slapd.d directly with a text editor despite the warnings at the top of the files telling you not to do that.
5/ Imports the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
I get the following error:
slapadd: could not add entry dn="cn=config" (line=1):
_ 1.03% eta none elapsed none spd 4.2 M/s
Closing DB...
55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"
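The str2entry message above names two DNs found inside a single entry. LDIF records are separated by an empty line, so a hand-edited config.ldif can be checked for that before step 5 (slapadd). The following is an added example, not code from the thread or from OpenLDAP; the function names are this example's own and the sample LDIF is constructed, using the two DNs from the error message and the certificate paths quoted earlier.

```python
# Added example, not part of the thread: check a hand-edited config.ldif before
# running slapadd. The sample LDIF is constructed; the two DNs and the TLS file
# paths are the ones quoted in the thread.

def split_records(ldif_text):
    """Yield (first_line_no, logical_lines); an empty line ends a record."""
    record, start, in_comment = [], None, False
    for line_no, raw in enumerate(ldif_text.splitlines(), start=1):
        if raw == "":
            if record:
                yield start, record
            record, start, in_comment = [], None, False
        elif raw.startswith("#"):
            in_comment = True                  # comments are not part of the record
        elif raw.startswith(" "):
            if record and not in_comment:
                record[-1] += raw[1:]          # folded line: append to previous line
        else:
            in_comment = False
            if start is None:
                start = line_no
            record.append(raw)
    if record:
        yield start, record


def record_dns(lines):
    """Return every DN in one record ("dn:" and base64 "dn::" lines)."""
    dns = []
    for line in lines:
        attr, sep, value = line.partition(":")
        if sep and attr.lower() == "dn":
            dns.append(value.lstrip(":").strip())
    return dns


def check_ldif(ldif_text):
    """Return (line_no, message) for each malformed record, in file order."""
    problems = []
    for start, lines in split_records(ldif_text):
        if lines[0].lower().startswith("version:"):
            lines = lines[1:]                  # optional LDIF version header
            if not lines:
                continue
        dns = record_dns(lines)
        if len(dns) > 1:
            quoted = " and ".join('"%s"' % dn for dn in dns)
            problems.append((start, "multiple DNs in one record: " + quoted))
        elif not lines[0].lower().startswith("dn:"):
            problems.append((start, "record does not start with a dn: line"))
    return problems


# Constructed sample: the empty line between the two entries has been lost.
BROKEN_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/cacert.pem
olcTLSCertificateFile: /etc/ldap/servercrt.pem
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}back_hdb
"""

# Same content with the separator restored.
FIXED_LDIF = BROKEN_LDIF.replace("\ndn: cn=module", "\n\ndn: cn=module")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN_LDIF), ("fixed", FIXED_LDIF)):
        print(name, check_ldif(text) or "no problems found")
```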
On 20/08/2015 18:23, Aneela Saleem wrote:
55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"
Did you remove the content of /path/to/slapd.d?
yes
Hi Abdelkader,
I tried following link
http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/
It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of ssl. As client FQDN is not checked in this againt.
Hi Abdelkader,
I have changed my ldap.conf file to following:
BASE dc=platalytics,dc=com
URI ldaps://127.0.0.1
TLS_REQCERT demand
TLS_CACERT /etc/ldap/cacert.pem
It also works.
Can you please verify is it correct approach?
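The last two messages turn on what the client-side TLS_REQCERT level does. The following is an added example, not code from the thread, that audits an ldap.conf for the settings discussed: the levels and their meaning follow ldap.conf(5), the first two samples are the ldap.conf files posted in the thread, the NEVER_CONF sample is constructed, and the function names are this example's own.

```python
# Added example, not part of the thread: audit the TLS-relevant client options
# in an ldap.conf. Levels per ldap.conf(5): never, allow, try, demand/hard
# (demand is the default when TLS_REQCERT is absent).

WEAK_REQCERT = {
    "never": "server certificate is neither requested nor checked",
    "allow": "a missing or bad server certificate is ignored",
    "try": "a missing server certificate is accepted",
}
STRICT_REQCERT = ("demand", "hard")


def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' lines are comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def audit(text):
    """Return (level, option, message) findings; an empty list means nothing was flagged."""
    opts = parse_ldap_conf(text)
    findings = []
    for uri in opts.get("URI", "").split():
        if uri.lower().startswith("ldap://"):
            findings.append(("warn", "URI",
                             uri + " is cleartext unless the client asks for StartTLS"))
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level in WEAK_REQCERT:
        findings.append(("fail", "TLS_REQCERT", level + ": " + WEAK_REQCERT[level]))
    elif level not in STRICT_REQCERT:
        findings.append(("fail", "TLS_REQCERT", "unrecognised level " + repr(level)))
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append(("info", "TLS_CACERT",
                         "no TLS_CACERT or TLS_CACERTDIR set in this file"))
    return findings


# ldap.conf as first posted in the thread.
ORIGINAL_CONF = """\
BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem
"""

# ldap.conf as posted in the last message.
FINAL_CONF = """\
BASE dc=platalytics,dc=com
URI ldaps://127.0.0.1
TLS_REQCERT demand
TLS_CACERT /etc/ldap/cacert.pem
"""

# Constructed: the final file with the "TLS_REQCERT never" setting in question.
NEVER_CONF = FINAL_CONF.replace("TLS_REQCERT demand", "TLS_REQCERT never")

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL_CONF),
                       ("never", NEVER_CONF),
                       ("final", FINAL_CONF)):
        print(name)
        for level, option, message in audit(conf) or [("ok", "-", "nothing flagged")]:
            print("  [%s] %s: %s" % (level, option, message))
```

The audit reads one file only; a per-user ldaprc or an LDAPTLS_REQCERT environment variable can still override what it reports.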
On Thu, Aug 20, 2015 at 11:36 PM, Aneela Saleem aneela@platalytics.com wrote:
Hi Abdelkader,
I tried following link
http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/
It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of ssl. As client FQDN is not checked in this againt.
On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah < a.chelouah@gmail.com> wrote:
On 20/08/2015 18:23, Aneela Saleem wrote:
55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"
On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem aneela@platalytics.com wrote:
5/ Imports the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
I get the following error:
slapadd: could not add entry dn="cn=config" (line=1): _ 1.03% eta none elapsed none spd 4.2 M/s Closing DB...
On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah < a.chelouah@gmail.coma.chelouah@gmail.com> wrote:
On 19/08/2015 20:32, Aneela Saleem wrote:
Anyone there? Please help me getting out of this problem
On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela@platalytics.com> wrote:
this is my /etc/ldap/ldap.conf file:
BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem
On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela@platalytics.com> wrote:
Still I get the following error:
modifying entry "cn=config"
ldap_result: Can't contact LDAP server (-1)
On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
> On 18/08/2015 20:27, Aneela Saleem wrote:
>
> I get following result
>
> ldap_initialize( ldap://localhost:389/??base )
> dn:cn=admin,cn=config
> Result: Success (0)
>
> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
>
>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>
>> When I add below file i.e., ssl_mod.ldif
>>
>> dn: cn=config
>> changetype: modify
>> add: olcTLSCACertificateFile
>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>> -
>> add: olcTLSCertificateFile
>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>> -
>> add: olcTLSCertificateKeyFile
>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>> -
>> add: olcTLSCipherSuite
>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>
>> using following command:
>>
>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>>
>> I get ldap_result: Can't contact LDAP server (-1) error.
>>
>> Although LDAP is running. I can run following command i.e.,
>>
>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>
>> How can I make ldaps work?
>>
>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela@platalytics.com> wrote:
>>
>>> Where can I find the logs?
>>>
>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote:
>>>
>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When I restart slapd it gets failed.
>>>>
>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote:
>>>>
>>>>> Which file do I need to write this in?
>>>>>
>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
>>>>>
>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>
>>>>>> I have no slapd.conf. I have cn=conf
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
>>>>>>
>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>
>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>
>>>>>>> Abdelkader the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution?
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:
>>>>>>>
>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>
>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>
>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>
>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>
>>>>>>>>> Ciao, Michael.
>>>>>>>>
>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>
>>>>>>>> regards
>>>>>>>
>>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>>
>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>
>>>>>> # cn=config
>>>>>> dn: cn=config
>>>>>> objectClass: olcGlobal
>>>>>> cn: config
>>>>>> ...
>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>> ...
>>
>> Can you run
>>
>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>
> Ok, retry the "ldapmodify" command using
>
> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
The URI is not correct. You have to use the FQDN instead of 127.0.0.1, i.e.
URI ldaps://FQDN:PORT
You can omit the PORT part if you use 636.
On 20/08/2015 23:12, Aneela Saleem wrote:
Hi Abdelkader,
I have changed my ldap.conf file to following:
BASE dc=platalytics,dc=com
URI ldaps://127.0.0.1
TLS_REQCERT demand
TLS_CACERT /etc/ldap/cacert.pem
It also works.
Can you please verify whether it is the correct approach?
openldap-technical@openldap.org
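Added example, not part of the original thread and not written by any of its posters: a small shell check for the client-side points the thread ends on (ldap:// versus ldaps://, "TLS_REQCERT never" versus "demand", an IP literal versus the FQDN in the URI). The finding labels, the sample files and the host name ldap.example.com are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the TLS-relevant lines of an OpenLDAP client ldap.conf.
# The finding labels (URI_NOT_LDAPS, ...) are made up for this sketch.
audit_ldap_conf() {
    awk '
    function finding(msg) { print msg; n++ }
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    { key = toupper($1) }              # keywords are case-insensitive
    key == "URI" {
        for (i = 2; i <= NF; i++) {
            # ldapi:// is a local socket, so only plain ldap:// is reported
            if (tolower($i) !~ /^ldap[si]:\/\//) { finding("URI_NOT_LDAPS " $i); continue }
            host = $i
            sub(/^[^:]*:\/\//, "", host)   # drop the scheme
            if (host ~ /^\[/) sub(/\].*$/, "]", host); else sub(/[:\/].*$/, "", host)
            # An IP literal verifies only if the certificate was issued for
            # that IP; otherwise the client has to use the server FQDN.
            if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || host ~ /^\[/)
                finding("URI_HOST_IS_IP " host)
        }
    }
    key == "TLS_REQCERT" {
        v = tolower($2)
        # never/allow let the session continue with an unverified certificate
        if (v == "never" || v == "allow") finding("REQCERT_WEAK " v)
    }
    key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = 1 }
    END {
        if (!ca) finding("NO_CA_CONFIGURED")
        if (!n) print "OK"
    }' "$1"
}

# Constructed inputs: the ldap.conf variants discussed in the thread plus a
# corrected one. never.conf and ldap.example.com are placeholders.
write_samples() {
    printf 'BASE dc=platalytics,dc=com\nURI ldap://127.0.0.1\nTLS_CACERT /etc/ldap/cacert.pem\n' > "$1/plain.conf"
    printf 'URI ldaps://127.0.0.1\nTLS_REQCERT never\n' > "$1/never.conf"
    printf 'URI ldaps://127.0.0.1\nTLS_REQCERT demand\nTLS_CACERT /etc/ldap/cacert.pem\n' > "$1/ip.conf"
    printf 'URI ldaps://ldap.example.com\nTLS_REQCERT demand\nTLS_CACERT /etc/ldap/cacert.pem\n' > "$1/fqdn.conf"
}

d=$(mktemp -d) && write_samples "$d"
for f in plain never ip fqdn; do
    echo "== $f.conf"; audit_ldap_conf "$d/$f.conf"
done
rm -rf "$d"
```

Only fqdn.conf comes back clean; ip.conf is reported because the name in the URI is what the client compares with the server certificate.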