LDAP over SSL ( ldaps ) - openldap-technical - openldap.org

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

December

LDAP over SSL ( ldaps )

ClearText Passwords in slapcat:...

Re: Slapd is coming down

Aneela Saleem

Tuesday, 18 August 2015 Tue, 18 Aug '15

6:39 a.m.

Hi all, Can anyone please provide me some link for enabling "ldaps" i have followed many links but continuously failing to do so. I have also tried "startTLS" but its not compatible with Apache Knox. Any help would be appreciated. Thanks

Attachments:

attachment.htm (text/html — 329 bytes)

Reply

Show replies by date

Michael Ströder

Tuesday, 18 August Tue, 18 Aug

6:41 a.m.

Aneela Saleem wrote:

Can anyone please provide me some link for enabling "ldaps"

http://www.openldap.org/doc/admin24/tls.html Ciao, Michael.

Reply

Abdelkader Chelouah

6:45 a.m.

On 18/08/2015 15:41, Michael Ströder wrote:

Aneela Saleem wrote: > Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael.

or http://www.openldap.org/faq/data/cache/185.html regards

Reply

Aneela Saleem

6:51 a.m.

Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 18/08/2015 15:41, Michael Ströder wrote: > Aneela Saleem wrote: > >> Can anyone please provide me some link for enabling "ldaps" >> > http://www.openldap.org/doc/admin24/tls.html > > Ciao, Michael. > > or http://www.openldap.org/faq/data/cache/185.html regards

Reply

Abdelkader Chelouah

6:54 a.m.

On 18/08/2015 15:51, Aneela Saleem wrote:

Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards

You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d

Reply

Aneela Saleem

7:05 a.m.

I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > On 18/08/2015 15:41, Michael Ströder wrote: > >> Aneela Saleem wrote: >> >>> Can anyone please provide me some link for enabling "ldaps" >>> >> http://www.openldap.org/doc/admin24/tls.html >> >> Ciao, Michael. >> >> or http://www.openldap.org/faq/data/cache/185.html > > regards > You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d

Reply

Abdelkader Chelouah

7:09 a.m.

On 18/08/2015 16:05, Aneela Saleem wrote:

I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: > Thanks Michael and Abdelkader. > > Abdelkaded the link you provided is for slapd.conf distribution. > Can you please guide me how to do "cn=config" distribution? > > On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: > > On 18/08/2015 15:41, Michael Ströder wrote: > > Aneela Saleem wrote: > > Can anyone please provide me some link for enabling > "ldaps" > > http://www.openldap.org/doc/admin24/tls.html > > Ciao, Michael. > > or http://www.openldap.org/faq/data/cache/185.html > > regards > > You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d

# cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...

Reply

Aneela Saleem

7:14 a.m.

Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > On 18/08/2015 15:51, Aneela Saleem wrote: > > Thanks Michael and Abdelkader. > > Abdelkaded the link you provided is for slapd.conf distribution. Can you > please guide me how to do "cn=config" distribution? > > On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < > <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > >> On 18/08/2015 15:41, Michael Ströder wrote: >> >>> Aneela Saleem wrote: >>> >>>> Can anyone please provide me some link for enabling "ldaps" >>>> >>> http://www.openldap.org/doc/admin24/tls.html >>> >>> Ciao, Michael. >>> >>> or http://www.openldap.org/faq/data/cache/185.html >> >> regards >> > > You can convert a slapd.conf to cn=config using slaptest > > slaptest -f path/to/slapd.conf -F path/to/slapd.d > # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...

Reply

Aneela Saleem

7:36 a.m.

I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela(a)platalytics.com> wrote:

Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com > wrote: > On 18/08/2015 16:05, Aneela Saleem wrote: > > I have no slapd.conf. I have cn=conf > > On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < > <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > >> On 18/08/2015 15:51, Aneela Saleem wrote: >> >> Thanks Michael and Abdelkader. >> >> Abdelkaded the link you provided is for slapd.conf distribution. Can you >> please guide me how to do "cn=config" distribution? >> >> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >> >>> On 18/08/2015 15:41, Michael Ströder wrote: >>> >>>> Aneela Saleem wrote: >>>> >>>>> Can anyone please provide me some link for enabling "ldaps" >>>>> >>>> http://www.openldap.org/doc/admin24/tls.html >>>> >>>> Ciao, Michael. >>>> >>>> or http://www.openldap.org/faq/data/cache/185.html >>> >>> regards >>> >> >> You can convert a slapd.conf to cn=config using slaptest >> >> slaptest -f path/to/slapd.conf -F path/to/slapd.d >> > > # cn=config > dn: cn=config > objectClass: olcGlobal > cn: config > ... > olcTLSCACertificateFile: /path/to/cacert > olcTLSCertificateFile: /path/to/cert > olcTLSCertificateKeyFile: /path/to/key > olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 > ... >

Reply

Aneela Saleem

7:37 a.m.

Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela(a)platalytics.com> wrote:

I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela(a)platalytics.com> wrote: > Which file i need to write this in? > > On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < > a.chelouah(a)gmail.com> wrote: > >> On 18/08/2015 16:05, Aneela Saleem wrote: >> >> I have no slapd.conf. I have cn=conf >> >> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >> >>> On 18/08/2015 15:51, Aneela Saleem wrote: >>> >>> Thanks Michael and Abdelkader. >>> >>> Abdelkaded the link you provided is for slapd.conf distribution. Can >>> you please guide me how to do "cn=config" distribution? >>> >>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>> >>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>> >>>>> Aneela Saleem wrote: >>>>> >>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>> >>>>> http://www.openldap.org/doc/admin24/tls.html >>>>> >>>>> Ciao, Michael. >>>>> >>>>> or http://www.openldap.org/faq/data/cache/185.html >>>> >>>> regards >>>> >>> >>> You can convert a slapd.conf to cn=config using slaptest >>> >>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>> >> >> # cn=config >> dn: cn=config >> objectClass: olcGlobal >> cn: config >> ... >> olcTLSCACertificateFile: /path/to/cacert >> olcTLSCertificateFile: /path/to/cert >> olcTLSCertificateKeyFile: /path/to/key >> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >> ... >> > >

Reply

Aneela Saleem

11:11 a.m.

When i add below file i.e., ssl_mod.ldif *dn: cn=config* *changetype: modify* *add: olcTLSCACertificateFile* *olcTLSCACertificateFile: /etc/ldap/cacert.pem* *-* *add: olcTLSCertificateFile* *olcTLSCertificateFile: /etc/ldap/servercrt.pem* *-* *add: olcTLSCertificateKeyFile* *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* *-* *add: olcTLSCipherSuite* *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* using following command: ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif i get ldap_result: Can't contact LDAP server (-1) error. Although LDAP is running. I can run following command i.e., ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*" How can i make ldaps work? On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela(a)platalytics.com> wrote:

Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela(a)platalytics.com> wrote: > I wrote the above lines in olcDatabase={0}config.ldif file. When i > restart slapd it gets failed. > > > On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela(a)platalytics.com> > wrote: > >> Which file i need to write this in? >> >> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >> a.chelouah(a)gmail.com> wrote: >> >>> On 18/08/2015 16:05, Aneela Saleem wrote: >>> >>> I have no slapd.conf. I have cn=conf >>> >>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>> >>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>> >>>> Thanks Michael and Abdelkader. >>>> >>>> Abdelkaded the link you provided is for slapd.conf distribution. Can >>>> you please guide me how to do "cn=config" distribution? >>>> >>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>> >>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>> >>>>>> Aneela Saleem wrote: >>>>>> >>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>> >>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>> >>>>>> Ciao, Michael. >>>>>> >>>>>> or http://www.openldap.org/faq/data/cache/185.html >>>>> >>>>> regards >>>>> >>>> >>>> You can convert a slapd.conf to cn=config using slaptest >>>> >>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>> >>> >>> # cn=config >>> dn: cn=config >>> objectClass: olcGlobal >>> cn: config >>> ... >>> olcTLSCACertificateFile: /path/to/cacert >>> olcTLSCertificateFile: /path/to/cert >>> olcTLSCertificateKeyFile: /path/to/key >>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>> ... >>> >> >> >

Reply

Abdelkader Chelouah

11:24 a.m.

On 18/08/2015 20:11, Aneela Saleem wrote:

When i add below file i.e., ssl_mod.ldif * * *dn: cn=config* *changetype: modify* *add: olcTLSCACertificateFile* *olcTLSCACertificateFile: /etc/ldap/cacert.pem* *-* *add: olcTLSCertificateFile* *olcTLSCertificateFile: /etc/ldap/servercrt.pem* *-* *add: olcTLSCertificateKeyFile* *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* *-* *add: olcTLSCipherSuite* *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* * * using following command: ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif i get ldap_result: Can't contact LDAP server (-1) error. Although LDAP is running. I can run following command i.e., ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*" How can i make ldaps work? On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: > I have no slapd.conf. I have cn=conf > > On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> > wrote: > > On 18/08/2015 15:51, Aneela Saleem wrote: >> Thanks Michael and Abdelkader. >> >> Abdelkaded the link you provided is for >> slapd.conf distribution. Can you please guide me >> how to do "cn=config" distribution? >> >> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader >> Chelouah <a.chelouah(a)gmail.com >> <mailto:a.chelouah@gmail.com>> wrote: >> >> On 18/08/2015 15:41, Michael Ströder wrote: >> >> Aneela Saleem wrote: >> >> Can anyone please provide me some >> link for enabling "ldaps" >> >> http://www.openldap.org/doc/admin24/tls.html >> >> Ciao, Michael. >> >> or >> http://www.openldap.org/faq/data/cache/185.html >> >> regards >> >> > You can convert a slapd.conf to cn=config using > slaptest > > slaptest -f path/to/slapd.conf -F path/to/slapd.d > > # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...

Can you run ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389

Reply

Aneela Saleem

11:27 a.m.

I get following result ldap_initialize( ldap://localhost:389/??base ) dn:cn=admin,cn=config Result: Success (0) On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 18/08/2015 20:11, Aneela Saleem wrote: When i add below file i.e., ssl_mod.ldif *dn: cn=config* *changetype: modify* *add: olcTLSCACertificateFile* *olcTLSCACertificateFile: /etc/ldap/cacert.pem* *-* *add: olcTLSCertificateFile* *olcTLSCertificateFile: /etc/ldap/servercrt.pem* *-* *add: olcTLSCertificateKeyFile* *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* *-* *add: olcTLSCipherSuite* *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* using following command: ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif i get ldap_result: Can't contact LDAP server (-1) error. Although LDAP is running. I can run following command i.e., ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*" How can i make ldaps work? On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela(a)platalytics.com> wrote: > Where i can find the logs? > > On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < <aneela(a)platalytics.com> > aneela(a)platalytics.com> wrote: > >> I wrote the above lines in olcDatabase={0}config.ldif file. When i >> restart slapd it gets failed. >> >> >> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela(a)platalytics.com> >> wrote: >> >>> Which file i need to write this in? >>> >>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>> >>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>> >>>> I have no slapd.conf. I have cn=conf >>>> >>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>> >>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>> >>>>> Thanks Michael and Abdelkader. >>>>> >>>>> Abdelkaded the link you provided is for slapd.conf distribution. Can >>>>> you please guide me how to do "cn=config" distribution? >>>>> >>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>> >>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>> >>>>>>> Aneela Saleem wrote: >>>>>>> >>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>> >>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>> >>>>>>> Ciao, Michael. >>>>>>> >>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>> >>>>>> regards >>>>>> >>>>> >>>>> You can convert a slapd.conf to cn=config using slaptest >>>>> >>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>> >>>> >>>> # cn=config >>>> dn: cn=config >>>> objectClass: olcGlobal >>>> cn: config >>>> ... >>>> olcTLSCACertificateFile: /path/to/cacert >>>> olcTLSCertificateFile: /path/to/cert >>>> olcTLSCertificateKeyFile: /path/to/key >>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>> ... >>>> >>> >>> >> > Can you run ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389

Reply

Abdelkader Chelouah

12:34 p.m.

On 18/08/2015 20:27, Aneela Saleem wrote:

I get following result ldap_initialize( ldap://localhost:389/??base ) dn:cn=admin,cn=config Result: Success (0) On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 18/08/2015 20:11, Aneela Saleem wrote: > When i add below file i.e., ssl_mod.ldif > * > * > *dn: cn=config* > *changetype: modify* > *add: olcTLSCACertificateFile* > *olcTLSCACertificateFile: /etc/ldap/cacert.pem* > *-* > *add: olcTLSCertificateFile* > *olcTLSCertificateFile: /etc/ldap/servercrt.pem* > *-* > *add: olcTLSCertificateKeyFile* > *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* > *-* > *add: olcTLSCipherSuite* > *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* > * > * > using following command: > > ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f > mod_ssl.ldif > > i get ldap_result: Can't contact LDAP server (-1) error. > > Although LDAP is running. I can run following command i.e., > > ldapsearch -h localhost -p 389 -D > "cn=admin,dc=platalytics,dc=com" -w 123 -b > "dc=platalytics,dc=com" "objectclass=*" > > How can i make ldaps work? > > On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem > <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: > > Where i can find the logs? > > On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem > <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: > > I wrote the above lines in olcDatabase={0}config.ldif > file. When i restart slapd it gets failed. > > > On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem > <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> > wrote: > > Which file i need to write this in? > > On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> > wrote: > > On 18/08/2015 16:05, Aneela Saleem wrote: >> I have no slapd.conf. I have cn=conf >> >> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader >> Chelouah <a.chelouah(a)gmail.com >> <mailto:a.chelouah@gmail.com>> wrote: >> >> On 18/08/2015 15:51, Aneela Saleem wrote: >>> Thanks Michael and Abdelkader. >>> >>> Abdelkaded the link you provided is for >>> slapd.conf distribution. Can you please >>> guide me how to do "cn=config" distribution? >>> >>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader >>> Chelouah <a.chelouah(a)gmail.com >>> <mailto:a.chelouah@gmail.com>> wrote: >>> >>> On 18/08/2015 15:41, Michael Ströder wrote: >>> >>> Aneela Saleem wrote: >>> >>> Can anyone please provide me >>> some link for enabling "ldaps" >>> >>> http://www.openldap.org/doc/admin24/tls.html >>> >>> Ciao, Michael. >>> >>> or >>> http://www.openldap.org/faq/data/cache/185.html >>> >>> regards >>> >>> >> You can convert a slapd.conf to cn=config >> using slaptest >> >> slaptest -f path/to/slapd.conf -F >> path/to/slapd.d >> >> > # cn=config > dn: cn=config > objectClass: olcGlobal > cn: config > ... > olcTLSCACertificateFile: /path/to/cacert > olcTLSCertificateFile: /path/to/cert > olcTLSCertificateKeyFile: /path/to/key > olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 > ... > > > > > Can you run ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389

Ok, retry the "ldapmodify" command using ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif

Reply

Aneela Saleem

1:07 p.m.

Still i get following error: modifying entry "cn=config" ldap_result: Can't contact LDAP server (-1) On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 18/08/2015 20:27, Aneela Saleem wrote: I get following result ldap_initialize( ldap://localhost:389/??base ) dn:cn=admin,cn=config Result: Success (0) On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > On 18/08/2015 20:11, Aneela Saleem wrote: > > When i add below file i.e., ssl_mod.ldif > > *dn: cn=config* > *changetype: modify* > *add: olcTLSCACertificateFile* > *olcTLSCACertificateFile: /etc/ldap/cacert.pem* > *-* > *add: olcTLSCertificateFile* > *olcTLSCertificateFile: /etc/ldap/servercrt.pem* > *-* > *add: olcTLSCertificateKeyFile* > *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* > *-* > *add: olcTLSCipherSuite* > *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* > > using following command: > > ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f > mod_ssl.ldif > > i get ldap_result: Can't contact LDAP server (-1) error. > > Although LDAP is running. I can run following command i.e., > > ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 > -b "dc=platalytics,dc=com" "objectclass=*" > > How can i make ldaps work? > > On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < <aneela(a)platalytics.com> > aneela(a)platalytics.com> wrote: > >> Where i can find the logs? >> >> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >> <aneela@platalytics.com>aneela@platalytics.com> wrote: >> >>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>> restart slapd it gets failed. >>> >>> >>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>> >>>> Which file i need to write this in? >>>> >>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>> >>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>> >>>>> I have no slapd.conf. I have cn=conf >>>>> >>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>> >>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>> >>>>>> Thanks Michael and Abdelkader. >>>>>> >>>>>> Abdelkaded the link you provided is for slapd.conf distribution. Can >>>>>> you please guide me how to do "cn=config" distribution? >>>>>> >>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>> >>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>> >>>>>>>> Aneela Saleem wrote: >>>>>>>> >>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>> >>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>> >>>>>>>> Ciao, Michael. >>>>>>>> >>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>> >>>>>>> regards >>>>>>> >>>>>> >>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>> >>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>> >>>>> >>>>> # cn=config >>>>> dn: cn=config >>>>> objectClass: olcGlobal >>>>> cn: config >>>>> ... >>>>> olcTLSCACertificateFile: /path/to/cacert >>>>> olcTLSCertificateFile: /path/to/cert >>>>> olcTLSCertificateKeyFile: /path/to/key >>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>> ... >>>>> >>>> >>>> >>> >> > Can you run > > ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 > > > Ok, retry the "ldapmodify" command using ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif

Reply

Aneela Saleem

1:29 p.m.

this is my /etc/ldap/ldap.conf file: BASE dc=platalytics,dc=com URI ldap://127.0.0.1 TLS_CACERT /etc/ldap/cacert.pem On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela(a)platalytics.com> wrote:

Still i get following error: modifying entry "cn=config" ldap_result: Can't contact LDAP server (-1) On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < a.chelouah(a)gmail.com> wrote: > On 18/08/2015 20:27, Aneela Saleem wrote: > > I get following result > > ldap_initialize( ldap://localhost:389/??base ) > dn:cn=admin,cn=config > Result: Success (0) > > > On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < > <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > >> On 18/08/2015 20:11, Aneela Saleem wrote: >> >> When i add below file i.e., ssl_mod.ldif >> >> *dn: cn=config* >> *changetype: modify* >> *add: olcTLSCACertificateFile* >> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >> *-* >> *add: olcTLSCertificateFile* >> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >> *-* >> *add: olcTLSCertificateKeyFile* >> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >> *-* >> *add: olcTLSCipherSuite* >> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >> >> using following command: >> >> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >> mod_ssl.ldif >> >> i get ldap_result: Can't contact LDAP server (-1) error. >> >> Although LDAP is running. I can run following command i.e., >> >> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w >> 123 -b "dc=platalytics,dc=com" "objectclass=*" >> >> How can i make ldaps work? >> >> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >> <aneela@platalytics.com>aneela@platalytics.com> wrote: >> >>> Where i can find the logs? >>> >>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>> >>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>> restart slapd it gets failed. >>>> >>>> >>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>> >>>>> Which file i need to write this in? >>>>> >>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>> >>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>> >>>>>> I have no slapd.conf. I have cn=conf >>>>>> >>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>> >>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>> >>>>>>> Thanks Michael and Abdelkader. >>>>>>> >>>>>>> Abdelkaded the link you provided is for slapd.conf distribution. >>>>>>> Can you please guide me how to do "cn=config" distribution? >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>> >>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>> >>>>>>>>> Aneela Saleem wrote: >>>>>>>>> >>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>> >>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>> >>>>>>>>> Ciao, Michael. >>>>>>>>> >>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>> >>>>>>>> regards >>>>>>>> >>>>>>> >>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>> >>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>> >>>>>> >>>>>> # cn=config >>>>>> dn: cn=config >>>>>> objectClass: olcGlobal >>>>>> cn: config >>>>>> ... >>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>> olcTLSCertificateFile: /path/to/cert >>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>> ... >>>>>> >>>>> >>>>> >>>> >>> >> Can you run >> >> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >> >> >> > Ok, retry the "ldapmodify" command using > > ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f > mod_ssl.ldif > > > >

Reply

Aneela Saleem

Wednesday, 19 August Wed, 19 Aug

11:32 a.m.

Anyone there? Please help me getting out of this problem On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela(a)platalytics.com> wrote:

this is my /etc/ldap/ldap.conf file: BASE dc=platalytics,dc=com URI ldap://127.0.0.1 TLS_CACERT /etc/ldap/cacert.pem On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela(a)platalytics.com> wrote: > Still i get following error: > > modifying entry "cn=config" > ldap_result: Can't contact LDAP server (-1) > > > On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < > a.chelouah(a)gmail.com> wrote: > >> On 18/08/2015 20:27, Aneela Saleem wrote: >> >> I get following result >> >> ldap_initialize( ldap://localhost:389/??base ) >> dn:cn=admin,cn=config >> Result: Success (0) >> >> >> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >> >>> On 18/08/2015 20:11, Aneela Saleem wrote: >>> >>> When i add below file i.e., ssl_mod.ldif >>> >>> *dn: cn=config* >>> *changetype: modify* >>> *add: olcTLSCACertificateFile* >>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>> *-* >>> *add: olcTLSCertificateFile* >>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>> *-* >>> *add: olcTLSCertificateKeyFile* >>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>> *-* >>> *add: olcTLSCipherSuite* >>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>> >>> using following command: >>> >>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>> mod_ssl.ldif >>> >>> i get ldap_result: Can't contact LDAP server (-1) error. >>> >>> Although LDAP is running. I can run following command i.e., >>> >>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w >>> 123 -b "dc=platalytics,dc=com" "objectclass=*" >>> >>> How can i make ldaps work? >>> >>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>> >>>> Where i can find the logs? >>>> >>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>> >>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>>> restart slapd it gets failed. >>>>> >>>>> >>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>> >>>>>> Which file i need to write this in? >>>>>> >>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>> >>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>> >>>>>>> I have no slapd.conf. I have cn=conf >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>> >>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>> >>>>>>>> Thanks Michael and Abdelkader. >>>>>>>> >>>>>>>> Abdelkaded the link you provided is for slapd.conf distribution. >>>>>>>> Can you please guide me how to do "cn=config" distribution? >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>> >>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>> >>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>> >>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>> >>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>> >>>>>>>>>> Ciao, Michael. >>>>>>>>>> >>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>> >>>>>>>>> regards >>>>>>>>> >>>>>>>> >>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>> >>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>> >>>>>>> >>>>>>> # cn=config >>>>>>> dn: cn=config >>>>>>> objectClass: olcGlobal >>>>>>> cn: config >>>>>>> ... >>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>> ... >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> Can you run >>> >>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>> >>> >>> >> Ok, retry the "ldapmodify" command using >> >> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f >> mod_ssl.ldif >> >> >> >> >

Reply

Abdelkader Chelouah

2:11 p.m.

On 19/08/2015 20:32, Aneela Saleem wrote:

Anyone there? Please help me getting out of this problem On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: this is my /etc/ldap/ldap.conf file: BASE dc=platalytics,dc=com URI ldap://127.0.0.1 <http://127.0.0.1> TLS_CACERT /etc/ldap/cacert.pem On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: Still i get following error: modifying entry "cn=config" ldap_result: Can't contact LDAP server (-1) On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 18/08/2015 20:27, Aneela Saleem wrote: > I get following result > > ldap_initialize( ldap://localhost:389/??base ) > dn:cn=admin,cn=config > Result: Success (0) > > > On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: > > On 18/08/2015 20:11, Aneela Saleem wrote: >> When i add below file i.e., ssl_mod.ldif >> * >> * >> *dn: cn=config* >> *changetype: modify* >> *add: olcTLSCACertificateFile* >> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >> *-* >> *add: olcTLSCertificateFile* >> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >> *-* >> *add: olcTLSCertificateKeyFile* >> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >> *-* >> *add: olcTLSCipherSuite* >> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >> * >> * >> using following command: >> >> ldapmodify -h localhost -p 389 -D >> "cn=admin,cn=config" -w 123 -f mod_ssl.ldif >> >> i get ldap_result: Can't contact LDAP server (-1) error. >> >> Although LDAP is running. I can run following >> command i.e., >> >> ldapsearch -h localhost -p 389 -D >> "cn=admin,dc=platalytics,dc=com" -w 123 -b >> "dc=platalytics,dc=com" "objectclass=*" >> >> How can i make ldaps work? >> >> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem >> <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> Where i can find the logs? >> >> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem >> <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> I wrote the above lines in >> olcDatabase={0}config.ldif file. When i >> restart slapd it gets failed. >> >> >> On Tue, Aug 18, 2015 at 7:14 PM, Aneela >> Saleem <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> Which file i need to write this in? >> >> On Tue, Aug 18, 2015 at 7:09 PM, >> Abdelkader Chelouah >> <a.chelouah(a)gmail.com >> <mailto:a.chelouah@gmail.com>> wrote: >> >> On 18/08/2015 16:05, Aneela Saleem >> wrote: >>> I have no slapd.conf. I have cn=conf >>> >>> On Tue, Aug 18, 2015 at 6:54 PM, >>> Abdelkader Chelouah >>> <a.chelouah(a)gmail.com >>> <mailto:a.chelouah@gmail.com>> wrote: >>> >>> On 18/08/2015 15:51, Aneela >>> Saleem wrote: >>>> Thanks Michael and Abdelkader. >>>> >>>> Abdelkaded the link you >>>> provided is for slapd.conf >>>> distribution. Can you please >>>> guide me how to do "cn=config" >>>> distribution? >>>> >>>> On Tue, Aug 18, 2015 at 6:45 >>>> PM, Abdelkader Chelouah >>>> <a.chelouah(a)gmail.com >>>> <mailto:a.chelouah@gmail.com>> >>>> wrote: >>>> >>>> On 18/08/2015 15:41, >>>> Michael Ströder wrote: >>>> >>>> Aneela Saleem wrote: >>>> >>>> Can anyone please >>>> provide me some >>>> link for enabling >>>> "ldaps" >>>> >>>> http://www.openldap.org/doc/admin24/tls.html >>>> >>>> Ciao, Michael. >>>> >>>> or >>>> http://www.openldap.org/faq/data/cache/185.html >>>> >>>> regards >>>> >>>> >>> You can convert a slapd.conf to >>> cn=config using slaptest >>> >>> slaptest -f path/to/slapd.conf >>> -F path/to/slapd.d >>> >>> >> # cn=config >> dn: cn=config >> objectClass: olcGlobal >> cn: config >> ... >> olcTLSCACertificateFile: /path/to/cacert >> olcTLSCertificateFile: /path/to/cert >> olcTLSCertificateKeyFile: /path/to/key >> olcTLSCipherSuite: >> HIGH:MEDIUM:!SSLv3:!SSLv2 >> ... >> >> >> >> >> > Can you run > > ldapwhoami -vxD cn=admin,cn=config -w 123 -H > ldap://localhost:389 > > > Ok, retry the "ldapmodify" command using ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif

There is something wrong with your setup. 1/ Stops your instance 2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif 3/ Performs the modification directly on config.ldif 4/ Removes the old configuration rm -rf /path/to/slapd.d/* 5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif 6/ Starts your instance

Reply

Aneela Saleem

2:19 p.m.

2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif i get the following error: 55d4f273 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif" On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 19/08/2015 20:32, Aneela Saleem wrote: Anyone there? Please help me getting out of this problem On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela(a)platalytics.com> wrote: > this is my /etc/ldap/ldap.conf file: > > BASE dc=platalytics,dc=com > > URI ldap://127.0.0.1 > > TLS_CACERT /etc/ldap/cacert.pem > > > On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem < <aneela(a)platalytics.com> > aneela(a)platalytics.com> wrote: > >> Still i get following error: >> >> modifying entry "cn=config" >> ldap_result: Can't contact LDAP server (-1) >> >> >> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < >> a.chelouah(a)gmail.com> wrote: >> >>> On 18/08/2015 20:27, Aneela Saleem wrote: >>> >>> I get following result >>> >>> ldap_initialize( ldap://localhost:389/??base ) >>> dn:cn=admin,cn=config >>> Result: Success (0) >>> >>> >>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>> >>>> On 18/08/2015 20:11, Aneela Saleem wrote: >>>> >>>> When i add below file i.e., ssl_mod.ldif >>>> >>>> *dn: cn=config* >>>> *changetype: modify* >>>> *add: olcTLSCACertificateFile* >>>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>>> *-* >>>> *add: olcTLSCertificateFile* >>>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>>> *-* >>>> *add: olcTLSCertificateKeyFile* >>>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>>> *-* >>>> *add: olcTLSCipherSuite* >>>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>>> >>>> using following command: >>>> >>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>>> mod_ssl.ldif >>>> >>>> i get ldap_result: Can't contact LDAP server (-1) error. >>>> >>>> Although LDAP is running. I can run following command i.e., >>>> >>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w >>>> 123 -b "dc=platalytics,dc=com" "objectclass=*" >>>> >>>> How can i make ldaps work? >>>> >>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>> >>>>> Where i can find the logs? >>>>> >>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>> >>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>>>> restart slapd it gets failed. >>>>>> >>>>>> >>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>> >>>>>>> Which file i need to write this in? >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>> >>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>>> >>>>>>>> I have no slapd.conf. I have cn=conf >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>> >>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>>> >>>>>>>>> Thanks Michael and Abdelkader. >>>>>>>>> >>>>>>>>> Abdelkaded the link you provided is for slapd.conf distribution. >>>>>>>>> Can you please guide me how to do "cn=config" distribution? >>>>>>>>> >>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>>> >>>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>>> >>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>>> >>>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>>> >>>>>>>>>>> Ciao, Michael. >>>>>>>>>>> >>>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>>> >>>>>>>>>> regards >>>>>>>>>> >>>>>>>>> >>>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>>> >>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>>> >>>>>>>> >>>>>>>> # cn=config >>>>>>>> dn: cn=config >>>>>>>> objectClass: olcGlobal >>>>>>>> cn: config >>>>>>>> ... >>>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>>> ... >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> Can you run >>>> >>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>> >>>> >>>> >>> Ok, retry the "ldapmodify" command using >>> >>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f >>> mod_ssl.ldif >>> >>> >>> >>> >> > There is something wrong with your setup. 1/ Stops your instance 2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif 3/ Performs the modification directly on config.ldif 4/ Removes the old configuration rm -rf /path/to/slapd.d/* 5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif 6/ Starts your instance

Reply

Quanah Gibson-Mount

2:28 p.m.

--On Thursday, August 20, 2015 3:19 AM +0500 Aneela Saleem <aneela(a)platalytics.com> wrote:

2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif i get the following error: 55d4f273 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"

That's not an error, it is a warning. --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

Reply

Craig White

2:37 p.m.

-----Original Message----- From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Quanah Gibson-Mount Sent: Wednesday, August 19, 2015 2:28 PM To: Aneela Saleem; Abdelkader Chelouah Cc: Michael Ströder; openldap-technical(a)openldap.org Subject: Re: LDAP over SSL ( ldaps ) --On Thursday, August 20, 2015 3:19 AM +0500 Aneela Saleem <aneela(a)platalytics.com> wrote:

2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif i get the following error: 55d4f273 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"

That's not an error, it is a warning. ---- And guaranteed to occur if you edit files within your slapd.d directly with a text editor despite the warnings at the top of the files telling you not to do that.

Reply

Aneela Saleem

Thursday, 20 August Thu, 20 Aug

8:30 a.m.

5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif I get the following error: slapadd: could not add entry dn="cn=config" (line=1): _ 1.03% eta none elapsed none spd 4.2 M/s Closing DB... On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 19/08/2015 20:32, Aneela Saleem wrote: Anyone there? Please help me getting out of this problem On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela(a)platalytics.com> wrote: > this is my /etc/ldap/ldap.conf file: > > BASE dc=platalytics,dc=com > > URI ldap://127.0.0.1 > > TLS_CACERT /etc/ldap/cacert.pem > > > On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem < <aneela(a)platalytics.com> > aneela(a)platalytics.com> wrote: > >> Still i get following error: >> >> modifying entry "cn=config" >> ldap_result: Can't contact LDAP server (-1) >> >> >> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < >> a.chelouah(a)gmail.com> wrote: >> >>> On 18/08/2015 20:27, Aneela Saleem wrote: >>> >>> I get following result >>> >>> ldap_initialize( ldap://localhost:389/??base ) >>> dn:cn=admin,cn=config >>> Result: Success (0) >>> >>> >>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>> >>>> On 18/08/2015 20:11, Aneela Saleem wrote: >>>> >>>> When i add below file i.e., ssl_mod.ldif >>>> >>>> *dn: cn=config* >>>> *changetype: modify* >>>> *add: olcTLSCACertificateFile* >>>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>>> *-* >>>> *add: olcTLSCertificateFile* >>>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>>> *-* >>>> *add: olcTLSCertificateKeyFile* >>>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>>> *-* >>>> *add: olcTLSCipherSuite* >>>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>>> >>>> using following command: >>>> >>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>>> mod_ssl.ldif >>>> >>>> i get ldap_result: Can't contact LDAP server (-1) error. >>>> >>>> Although LDAP is running. I can run following command i.e., >>>> >>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w >>>> 123 -b "dc=platalytics,dc=com" "objectclass=*" >>>> >>>> How can i make ldaps work? >>>> >>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>> >>>>> Where i can find the logs? >>>>> >>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>> >>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>>>> restart slapd it gets failed. >>>>>> >>>>>> >>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>> >>>>>>> Which file i need to write this in? >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>> >>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>>> >>>>>>>> I have no slapd.conf. I have cn=conf >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>> >>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>>> >>>>>>>>> Thanks Michael and Abdelkader. >>>>>>>>> >>>>>>>>> Abdelkaded the link you provided is for slapd.conf distribution. >>>>>>>>> Can you please guide me how to do "cn=config" distribution? >>>>>>>>> >>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>>> >>>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>>> >>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>>> >>>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>>> >>>>>>>>>>> Ciao, Michael. >>>>>>>>>>> >>>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>>> >>>>>>>>>> regards >>>>>>>>>> >>>>>>>>> >>>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>>> >>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>>> >>>>>>>> >>>>>>>> # cn=config >>>>>>>> dn: cn=config >>>>>>>> objectClass: olcGlobal >>>>>>>> cn: config >>>>>>>> ... >>>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>>> ... >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> Can you run >>>> >>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>> >>>> >>>> >>> Ok, retry the "ldapmodify" command using >>> >>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f >>> mod_ssl.ldif >>> >>> >>> >>> >> > There is something wrong with your setup. 1/ Stops your instance 2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif 3/ Performs the modification directly on config.ldif 4/ Removes the old configuration rm -rf /path/to/slapd.d/* 5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif 6/ Starts your instance

Reply

Aneela Saleem

9:23 a.m.

55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config" On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela(a)platalytics.com> wrote:

5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif I get the following error: slapadd: could not add entry dn="cn=config" (line=1): _ 1.03% eta none elapsed none spd 4.2 M/s Closing DB... On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com > wrote: > On 19/08/2015 20:32, Aneela Saleem wrote: > > Anyone there? Please help me getting out of this problem > > On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela(a)platalytics.com> > wrote: > >> this is my /etc/ldap/ldap.conf file: >> >> BASE dc=platalytics,dc=com >> >> URI ldap://127.0.0.1 >> >> TLS_CACERT /etc/ldap/cacert.pem >> >> >> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem < >> <aneela@platalytics.com>aneela@platalytics.com> wrote: >> >>> Still i get following error: >>> >>> modifying entry "cn=config" >>> ldap_result: Can't contact LDAP server (-1) >>> >>> >>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < >>> a.chelouah(a)gmail.com> wrote: >>> >>>> On 18/08/2015 20:27, Aneela Saleem wrote: >>>> >>>> I get following result >>>> >>>> ldap_initialize( ldap://localhost:389/??base ) >>>> dn:cn=admin,cn=config >>>> Result: Success (0) >>>> >>>> >>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>> >>>>> On 18/08/2015 20:11, Aneela Saleem wrote: >>>>> >>>>> When i add below file i.e., ssl_mod.ldif >>>>> >>>>> *dn: cn=config* >>>>> *changetype: modify* >>>>> *add: olcTLSCACertificateFile* >>>>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>>>> *-* >>>>> *add: olcTLSCertificateFile* >>>>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>>>> *-* >>>>> *add: olcTLSCertificateKeyFile* >>>>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>>>> *-* >>>>> *add: olcTLSCipherSuite* >>>>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>>>> >>>>> using following command: >>>>> >>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>>>> mod_ssl.ldif >>>>> >>>>> i get ldap_result: Can't contact LDAP server (-1) error. >>>>> >>>>> Although LDAP is running. I can run following command i.e., >>>>> >>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w >>>>> 123 -b "dc=platalytics,dc=com" "objectclass=*" >>>>> >>>>> How can i make ldaps work? >>>>> >>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>> >>>>>> Where i can find the logs? >>>>>> >>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>> >>>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>>>>> restart slapd it gets failed. >>>>>>> >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>> >>>>>>>> Which file i need to write this in? >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>> >>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>>>> >>>>>>>>> I have no slapd.conf. I have cn=conf >>>>>>>>> >>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>>>> >>>>>>>>>> Thanks Michael and Abdelkader. >>>>>>>>>> >>>>>>>>>> Abdelkaded the link you provided is for slapd.conf distribution. >>>>>>>>>> Can you please guide me how to do "cn=config" distribution? >>>>>>>>>> >>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>>>> >>>>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>>>> >>>>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>>>> >>>>>>>>>>>> Ciao, Michael. >>>>>>>>>>>> >>>>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>>>> >>>>>>>>>>> regards >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>>>> >>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>>>> >>>>>>>>> >>>>>>>>> # cn=config >>>>>>>>> dn: cn=config >>>>>>>>> objectClass: olcGlobal >>>>>>>>> cn: config >>>>>>>>> ... >>>>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>>>> ... >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> Can you run >>>>> >>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>>> >>>>> >>>>> >>>> Ok, retry the "ldapmodify" command using >>>> >>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f >>>> mod_ssl.ldif >>>> >>>> >>>> >>>> >>> >> > There is something wrong with your setup. > > 1/ Stops your instance > 2/ Exports your configuration > > slapcat -F /path/to/slapd.d -n 0 -l config.ldif > > 3/ Performs the modification directly on config.ldif > 4/ Removes the old configuration > > rm -rf /path/to/slapd.d/* > > 5/ Imports the new configuration > > slapadd -F /path/to/slapd.d -n 0 -l config.ldif > > 6/ Starts your instance >

Reply

Abdelkader Chelouah

10:39 a.m.

On 20/08/2015 18:23, Aneela Saleem wrote:

55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config" On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: 5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif I get the following error: slapadd: could not add entry dn="cn=config" (line=1): _ 1.03% eta none elapsed none spd 4.2 M/s Closing DB... On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 19/08/2015 20:32, Aneela Saleem wrote: > Anyone there? Please help me getting out of this problem > > On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem > <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: > > this is my /etc/ldap/ldap.conf file: > > BASE dc=platalytics,dc=com > > URI ldap://127.0.0.1 <http://127.0.0.1> > > TLS_CACERT /etc/ldap/cacert.pem > > > On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem > <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> > wrote: > > Still i get following error: > > modifying entry "cn=config" > ldap_result: Can't contact LDAP server (-1) > > > On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> > wrote: > > On 18/08/2015 20:27, Aneela Saleem wrote: >> I get following result >> >> ldap_initialize( ldap://localhost:389/??base ) >> dn:cn=admin,cn=config >> Result: Success (0) >> >> >> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader >> Chelouah <a.chelouah(a)gmail.com >> <mailto:a.chelouah@gmail.com>> wrote: >> >> On 18/08/2015 20:11, Aneela Saleem wrote: >>> When i add below file i.e., ssl_mod.ldif >>> * >>> * >>> *dn: cn=config* >>> *changetype: modify* >>> *add: olcTLSCACertificateFile* >>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>> *-* >>> *add: olcTLSCertificateFile* >>> *olcTLSCertificateFile: >>> /etc/ldap/servercrt.pem* >>> *-* >>> *add: olcTLSCertificateKeyFile* >>> *olcTLSCertificateKeyFile: >>> /etc/ldap/serverkey.pem* >>> *-* >>> *add: olcTLSCipherSuite* >>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>> * >>> * >>> using following command: >>> >>> ldapmodify -h localhost -p 389 -D >>> "cn=admin,cn=config" -w 123 -f mod_ssl.ldif >>> >>> i get ldap_result: Can't contact LDAP >>> server (-1) error. >>> >>> Although LDAP is running. I can run >>> following command i.e., >>> >>> ldapsearch -h localhost -p 389 -D >>> "cn=admin,dc=platalytics,dc=com" -w 123 -b >>> "dc=platalytics,dc=com" "objectclass=*" >>> >>> How can i make ldaps work? >>> >>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela >>> Saleem <aneela(a)platalytics.com >>> <mailto:aneela@platalytics.com>> wrote: >>> >>> Where i can find the logs? >>> >>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela >>> Saleem <aneela(a)platalytics.com >>> <mailto:aneela@platalytics.com>> wrote: >>> >>> I wrote the above lines in >>> olcDatabase={0}config.ldif file. >>> When i restart slapd it gets failed. >>> >>> >>> On Tue, Aug 18, 2015 at 7:14 PM, >>> Aneela Saleem >>> <aneela(a)platalytics.com >>> <mailto:aneela@platalytics.com>> wrote: >>> >>> Which file i need to write this in? >>> >>> On Tue, Aug 18, 2015 at 7:09 >>> PM, Abdelkader Chelouah >>> <a.chelouah(a)gmail.com >>> <mailto:a.chelouah@gmail.com>> >>> wrote: >>> >>> On 18/08/2015 16:05, Aneela >>> Saleem wrote: >>>> I have no slapd.conf. I >>>> have cn=conf >>>> >>>> On Tue, Aug 18, 2015 at >>>> 6:54 PM, Abdelkader >>>> Chelouah >>>> <a.chelouah(a)gmail.com >>>> <mailto:a.chelouah@gmail.com>> >>>> wrote: >>>> >>>> On 18/08/2015 15:51, >>>> Aneela Saleem wrote: >>>>> Thanks Michael and >>>>> Abdelkader. >>>>> >>>>> Abdelkaded the link >>>>> you provided is for >>>>> slapd.conf >>>>> distribution. Can you >>>>> please guide me how >>>>> to do "cn=config" >>>>> distribution? >>>>> >>>>> On Tue, Aug 18, 2015 >>>>> at 6:45 PM, >>>>> Abdelkader Chelouah >>>>> <a.chelouah(a)gmail.com >>>>> <mailto:a.chelouah@gmail.com>> >>>>> wrote: >>>>> >>>>> On 18/08/2015 >>>>> 15:41, Michael >>>>> Ströder wrote: >>>>> >>>>> Aneela Saleem >>>>> wrote: >>>>> >>>>> Can >>>>> anyone >>>>> please >>>>> provide >>>>> me some >>>>> link for >>>>> enabling >>>>> "ldaps" >>>>> >>>>> http://www.openldap.org/doc/admin24/tls.html >>>>> >>>>> Ciao, Michael. >>>>> >>>>> or >>>>> http://www.openldap.org/faq/data/cache/185.html >>>>> >>>>> regards >>>>> >>>>> >>>> You can convert a >>>> slapd.conf to >>>> cn=config using slaptest >>>> >>>> slaptest -f >>>> path/to/slapd.conf -F >>>> path/to/slapd.d >>>> >>>> >>> # cn=config >>> dn: cn=config >>> objectClass: olcGlobal >>> cn: config >>> ... >>> olcTLSCACertificateFile: >>> /path/to/cacert >>> olcTLSCertificateFile: >>> /path/to/cert >>> olcTLSCertificateKeyFile: >>> /path/to/key >>> olcTLSCipherSuite: >>> HIGH:MEDIUM:!SSLv3:!SSLv2 >>> ... >>> >>> >>> >>> >>> >> Can you run >> >> ldapwhoami -vxD cn=admin,cn=config -w 123 -H >> ldap://localhost:389 >> >> >> > Ok, retry the "ldapmodify" command using > > ldapmodify -xD cn=admin,cn=config -w 123 -H > ldap://localhost:389 -f mod_ssl.ldif > > > > > > There is something wrong with your setup. 1/ Stops your instance 2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif 3/ Performs the modification directly on config.ldif 4/ Removes the old configuration rm -rf /path/to/slapd.d/* 5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif 6/ Starts your instance

Did you removed the content of /path/to/slapd.d ?

Reply

Aneela Saleem

10:54 a.m.

yes On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 20/08/2015 18:23, Aneela Saleem wrote: 55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config" On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela(a)platalytics.com> wrote: > 5/ Imports the new configuration > > slapadd -F /path/to/slapd.d -n 0 -l config.ldif > > I get the following error: > > slapadd: could not add entry dn="cn=config" (line=1): > _ 1.03% eta none elapsed none spd > 4.2 M/s > Closing DB... > > On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah < > <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > >> On 19/08/2015 20:32, Aneela Saleem wrote: >> >> Anyone there? Please help me getting out of this problem >> >> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem < >> <aneela@platalytics.com>aneela@platalytics.com> wrote: >> >>> this is my /etc/ldap/ldap.conf file: >>> >>> BASE dc=platalytics,dc=com >>> >>> URI ldap://127.0.0.1 >>> >>> TLS_CACERT /etc/ldap/cacert.pem >>> >>> >>> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem < >>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>> >>>> Still i get following error: >>>> >>>> modifying entry "cn=config" >>>> ldap_result: Can't contact LDAP server (-1) >>>> >>>> >>>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < >>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>> >>>>> On 18/08/2015 20:27, Aneela Saleem wrote: >>>>> >>>>> I get following result >>>>> >>>>> ldap_initialize( ldap://localhost:389/??base ) >>>>> dn:cn=admin,cn=config >>>>> Result: Success (0) >>>>> >>>>> >>>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>> >>>>>> On 18/08/2015 20:11, Aneela Saleem wrote: >>>>>> >>>>>> When i add below file i.e., ssl_mod.ldif >>>>>> >>>>>> *dn: cn=config* >>>>>> *changetype: modify* >>>>>> *add: olcTLSCACertificateFile* >>>>>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>>>>> *-* >>>>>> *add: olcTLSCertificateFile* >>>>>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>>>>> *-* >>>>>> *add: olcTLSCertificateKeyFile* >>>>>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>>>>> *-* >>>>>> *add: olcTLSCipherSuite* >>>>>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>>>>> >>>>>> using following command: >>>>>> >>>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>>>>> mod_ssl.ldif >>>>>> >>>>>> i get ldap_result: Can't contact LDAP server (-1) error. >>>>>> >>>>>> Although LDAP is running. I can run following command i.e., >>>>>> >>>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" >>>>>> -w 123 -b "dc=platalytics,dc=com" "objectclass=*" >>>>>> >>>>>> How can i make ldaps work? >>>>>> >>>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>> >>>>>>> Where i can find the logs? >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>> >>>>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>>>>>> restart slapd it gets failed. >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>>> >>>>>>>>> Which file i need to write this in? >>>>>>>>> >>>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>>>>> >>>>>>>>>> I have no slapd.conf. I have cn=conf >>>>>>>>>> >>>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>>>>> >>>>>>>>>>> Thanks Michael and Abdelkader. >>>>>>>>>>> >>>>>>>>>>> Abdelkaded the link you provided is for slapd.conf >>>>>>>>>>> distribution. Can you please guide me how to do "cn=config" distribution? >>>>>>>>>>> >>>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>>>>> >>>>>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>>>>> >>>>>>>>>>>>> Ciao, Michael. >>>>>>>>>>>>> >>>>>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>>>>> >>>>>>>>>>>> regards >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>>>>> >>>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> # cn=config >>>>>>>>>> dn: cn=config >>>>>>>>>> objectClass: olcGlobal >>>>>>>>>> cn: config >>>>>>>>>> ... >>>>>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>>>>> ... >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> Can you run >>>>>> >>>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>>>> >>>>>> >>>>>> >>>>> Ok, retry the "ldapmodify" command using >>>>> >>>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f >>>>> mod_ssl.ldif >>>>> >>>>> >>>>> >>>>> >>>> >>> >> There is something wrong with your setup. >> >> 1/ Stops your instance >> 2/ Exports your configuration >> >> slapcat -F /path/to/slapd.d -n 0 -l config.ldif >> >> 3/ Performs the modification directly on config.ldif >> 4/ Removes the old configuration >> >> rm -rf /path/to/slapd.d/* >> >> 5/ Imports the new configuration >> >> slapadd -F /path/to/slapd.d -n 0 -l config.ldif >> >> 6/ Starts your instance >> > > Did you removed the content of /path/to/slapd.d ?

Reply

Aneela Saleem

11:36 a.m.

Hi Abdelkader, I tried following link http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/ It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of ssl. As client FQDN is not checked in this againt. On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com> wrote:

On 20/08/2015 18:23, Aneela Saleem wrote: 55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config" On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela(a)platalytics.com> wrote: > 5/ Imports the new configuration > > slapadd -F /path/to/slapd.d -n 0 -l config.ldif > > I get the following error: > > slapadd: could not add entry dn="cn=config" (line=1): > _ 1.03% eta none elapsed none spd > 4.2 M/s > Closing DB... > > On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah < > <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: > >> On 19/08/2015 20:32, Aneela Saleem wrote: >> >> Anyone there? Please help me getting out of this problem >> >> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem < >> <aneela@platalytics.com>aneela@platalytics.com> wrote: >> >>> this is my /etc/ldap/ldap.conf file: >>> >>> BASE dc=platalytics,dc=com >>> >>> URI ldap://127.0.0.1 >>> >>> TLS_CACERT /etc/ldap/cacert.pem >>> >>> >>> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem < >>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>> >>>> Still i get following error: >>>> >>>> modifying entry "cn=config" >>>> ldap_result: Can't contact LDAP server (-1) >>>> >>>> >>>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < >>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>> >>>>> On 18/08/2015 20:27, Aneela Saleem wrote: >>>>> >>>>> I get following result >>>>> >>>>> ldap_initialize( ldap://localhost:389/??base ) >>>>> dn:cn=admin,cn=config >>>>> Result: Success (0) >>>>> >>>>> >>>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>> >>>>>> On 18/08/2015 20:11, Aneela Saleem wrote: >>>>>> >>>>>> When i add below file i.e., ssl_mod.ldif >>>>>> >>>>>> *dn: cn=config* >>>>>> *changetype: modify* >>>>>> *add: olcTLSCACertificateFile* >>>>>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>>>>> *-* >>>>>> *add: olcTLSCertificateFile* >>>>>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>>>>> *-* >>>>>> *add: olcTLSCertificateKeyFile* >>>>>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>>>>> *-* >>>>>> *add: olcTLSCipherSuite* >>>>>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>>>>> >>>>>> using following command: >>>>>> >>>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>>>>> mod_ssl.ldif >>>>>> >>>>>> i get ldap_result: Can't contact LDAP server (-1) error. >>>>>> >>>>>> Although LDAP is running. I can run following command i.e., >>>>>> >>>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" >>>>>> -w 123 -b "dc=platalytics,dc=com" "objectclass=*" >>>>>> >>>>>> How can i make ldaps work? >>>>>> >>>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>> >>>>>>> Where i can find the logs? >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>> >>>>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When i >>>>>>>> restart slapd it gets failed. >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>>> >>>>>>>>> Which file i need to write this in? >>>>>>>>> >>>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>>>>> >>>>>>>>>> I have no slapd.conf. I have cn=conf >>>>>>>>>> >>>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>>>>> >>>>>>>>>>> Thanks Michael and Abdelkader. >>>>>>>>>>> >>>>>>>>>>> Abdelkaded the link you provided is for slapd.conf >>>>>>>>>>> distribution. Can you please guide me how to do "cn=config" distribution? >>>>>>>>>>> >>>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>>>>> >>>>>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>>>>> >>>>>>>>>>>>> Ciao, Michael. >>>>>>>>>>>>> >>>>>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>>>>> >>>>>>>>>>>> regards >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>>>>> >>>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> # cn=config >>>>>>>>>> dn: cn=config >>>>>>>>>> objectClass: olcGlobal >>>>>>>>>> cn: config >>>>>>>>>> ... >>>>>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>>>>> ... >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> Can you run >>>>>> >>>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>>>> >>>>>> >>>>>> >>>>> Ok, retry the "ldapmodify" command using >>>>> >>>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f >>>>> mod_ssl.ldif >>>>> >>>>> >>>>> >>>>> >>>> >>> >> There is something wrong with your setup. >> >> 1/ Stops your instance >> 2/ Exports your configuration >> >> slapcat -F /path/to/slapd.d -n 0 -l config.ldif >> >> 3/ Performs the modification directly on config.ldif >> 4/ Removes the old configuration >> >> rm -rf /path/to/slapd.d/* >> >> 5/ Imports the new configuration >> >> slapadd -F /path/to/slapd.d -n 0 -l config.ldif >> >> 6/ Starts your instance >> > > Did you removed the content of /path/to/slapd.d ?

Reply

Aneela Saleem

2:12 p.m.

Hi Abdelkader, I have changed my ldap.conf file to following: BASE dc=platalytics,dc=com URI ldaps://127.0.0.1 TLS_REQCERT demand TLS_CACERT /etc/ldap/cacert.pem I also works. Can you please verify is it correct approach? On Thu, Aug 20, 2015 at 11:36 PM, Aneela Saleem <aneela(a)platalytics.com> wrote:

Hi Abdelkader, I tried following link http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/ It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of ssl. As client FQDN is not checked in this againt. On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah < a.chelouah(a)gmail.com> wrote: > On 20/08/2015 18:23, Aneela Saleem wrote: > > 55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and > "cn=module{0},cn=config" > > > On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela(a)platalytics.com> > wrote: > >> 5/ Imports the new configuration >> >> slapadd -F /path/to/slapd.d -n 0 -l config.ldif >> >> I get the following error: >> >> slapadd: could not add entry dn="cn=config" (line=1): >> _ 1.03% eta none elapsed none spd >> 4.2 M/s >> Closing DB... >> >> On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah < >> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >> >>> On 19/08/2015 20:32, Aneela Saleem wrote: >>> >>> Anyone there? Please help me getting out of this problem >>> >>> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem < >>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>> >>>> this is my /etc/ldap/ldap.conf file: >>>> >>>> BASE dc=platalytics,dc=com >>>> >>>> URI ldap://127.0.0.1 >>>> >>>> TLS_CACERT /etc/ldap/cacert.pem >>>> >>>> >>>> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem < >>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>> >>>>> Still i get following error: >>>>> >>>>> modifying entry "cn=config" >>>>> ldap_result: Can't contact LDAP server (-1) >>>>> >>>>> >>>>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah < >>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>> >>>>>> On 18/08/2015 20:27, Aneela Saleem wrote: >>>>>> >>>>>> I get following result >>>>>> >>>>>> ldap_initialize( ldap://localhost:389/??base ) >>>>>> dn:cn=admin,cn=config >>>>>> Result: Success (0) >>>>>> >>>>>> >>>>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah < >>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>> >>>>>>> On 18/08/2015 20:11, Aneela Saleem wrote: >>>>>>> >>>>>>> When i add below file i.e., ssl_mod.ldif >>>>>>> >>>>>>> *dn: cn=config* >>>>>>> *changetype: modify* >>>>>>> *add: olcTLSCACertificateFile* >>>>>>> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >>>>>>> *-* >>>>>>> *add: olcTLSCertificateFile* >>>>>>> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >>>>>>> *-* >>>>>>> *add: olcTLSCertificateKeyFile* >>>>>>> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >>>>>>> *-* >>>>>>> *add: olcTLSCipherSuite* >>>>>>> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >>>>>>> >>>>>>> using following command: >>>>>>> >>>>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f >>>>>>> mod_ssl.ldif >>>>>>> >>>>>>> i get ldap_result: Can't contact LDAP server (-1) error. >>>>>>> >>>>>>> Although LDAP is running. I can run following command i.e., >>>>>>> >>>>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" >>>>>>> -w 123 -b "dc=platalytics,dc=com" "objectclass=*" >>>>>>> >>>>>>> How can i make ldaps work? >>>>>>> >>>>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem < >>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>> >>>>>>>> Where i can find the logs? >>>>>>>> >>>>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem < >>>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>>> >>>>>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When >>>>>>>>> i restart slapd it gets failed. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem < >>>>>>>>> <aneela@platalytics.com>aneela@platalytics.com> wrote: >>>>>>>>> >>>>>>>>>> Which file i need to write this in? >>>>>>>>>> >>>>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah < >>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote: >>>>>>>>>>> >>>>>>>>>>> I have no slapd.conf. I have cn=conf >>>>>>>>>>> >>>>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah < >>>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote: >>>>>>>>>>>> >>>>>>>>>>>> Thanks Michael and Abdelkader. >>>>>>>>>>>> >>>>>>>>>>>> Abdelkaded the link you provided is for slapd.conf >>>>>>>>>>>> distribution. Can you please guide me how to do "cn=config" distribution? >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah < >>>>>>>>>>>> <a.chelouah@gmail.com>a.chelouah@gmail.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Aneela Saleem wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps" >>>>>>>>>>>>>>> >>>>>>>>>>>>>> <http://www.openldap.org/doc/admin24/tls.html> >>>>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>>>>>>>>>> >>>>>>>>>>>>>> Ciao, Michael. >>>>>>>>>>>>>> >>>>>>>>>>>>>> or <http://www.openldap.org/faq/data/cache/185.html> >>>>>>>>>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>>>>>>>>> >>>>>>>>>>>>> regards >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest >>>>>>>>>>>> >>>>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> # cn=config >>>>>>>>>>> dn: cn=config >>>>>>>>>>> objectClass: olcGlobal >>>>>>>>>>> cn: config >>>>>>>>>>> ... >>>>>>>>>>> olcTLSCACertificateFile: /path/to/cacert >>>>>>>>>>> olcTLSCertificateFile: /path/to/cert >>>>>>>>>>> olcTLSCertificateKeyFile: /path/to/key >>>>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 >>>>>>>>>>> ... >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> Can you run >>>>>>> >>>>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>>>>> >>>>>>> >>>>>>> >>>>>> Ok, retry the "ldapmodify" command using >>>>>> >>>>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 >>>>>> -f mod_ssl.ldif >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> There is something wrong with your setup. >>> >>> 1/ Stops your instance >>> 2/ Exports your configuration >>> >>> slapcat -F /path/to/slapd.d -n 0 -l config.ldif >>> >>> 3/ Performs the modification directly on config.ldif >>> 4/ Removes the old configuration >>> >>> rm -rf /path/to/slapd.d/* >>> >>> 5/ Imports the new configuration >>> >>> slapadd -F /path/to/slapd.d -n 0 -l config.ldif >>> >>> 6/ Starts your instance >>> >> >> > Did you removed the content of /path/to/slapd.d ? >

Reply

Abdelkader Chelouah

2:45 p.m.

The URI is not correct. You have to use the FQDN instead of 127.0.0.1, ie URI ldaps://FQDDN:PORT You can omit the PORT part if you use 636. On 20/08/2015 23:12, Aneela Saleem wrote:

Hi Abdelkader, I have changed my ldap.conf file to following: BASE dc=platalytics,dc=com URI ldaps://127.0.0.1 <http://127.0.0.1> TLS_REQCERT demand TLS_CACERT /etc/ldap/cacert.pem I also works. Can you please verify is it correct approach? On Thu, Aug 20, 2015 at 11:36 PM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: Hi Abdelkader, I tried following link http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/ It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of ssl. As client FQDN is not checked in this againt. On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 20/08/2015 18:23, Aneela Saleem wrote: > 55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and > "cn=module{0},cn=config" > > > On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem > <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: > > 5/ Imports the new configuration > > slapadd -F /path/to/slapd.d -n 0 -l config.ldif > > I get the following error: > > slapadd: could not add entry dn="cn=config" (line=1): > _ 1.03% eta none elapsed none > spd 4.2 M/s > Closing DB... > > On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: > > On 19/08/2015 20:32, Aneela Saleem wrote: >> Anyone there? Please help me getting out of this problem >> >> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem >> <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> this is my /etc/ldap/ldap.conf file: >> >> BASE dc=platalytics,dc=com >> >> URI ldap://127.0.0.1 <http://127.0.0.1> >> >> TLS_CACERT /etc/ldap/cacert.pem >> >> >> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem >> <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> Still i get following error: >> >> modifying entry "cn=config" >> ldap_result: Can't contact LDAP server (-1) >> >> >> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader >> Chelouah <a.chelouah(a)gmail.com >> <mailto:a.chelouah@gmail.com>> wrote: >> >> On 18/08/2015 20:27, Aneela Saleem wrote: >>> I get following result >>> >>> ldap_initialize( >>> ldap://localhost:389/??base ) >>> dn:cn=admin,cn=config >>> Result: Success (0) >>> >>> >>> On Tue, Aug 18, 2015 at 11:24 PM, >>> Abdelkader Chelouah >>> <a.chelouah(a)gmail.com >>> <mailto:a.chelouah@gmail.com>> wrote: >>> >>> On 18/08/2015 20:11, Aneela Saleem >>> wrote: >>>> When i add below file i.e., >>>> ssl_mod.ldif >>>> * >>>> * >>>> *dn: cn=config* >>>> *changetype: modify* >>>> *add: olcTLSCACertificateFile* >>>> *olcTLSCACertificateFile: >>>> /etc/ldap/cacert.pem* >>>> *-* >>>> *add: olcTLSCertificateFile* >>>> *olcTLSCertificateFile: >>>> /etc/ldap/servercrt.pem* >>>> *-* >>>> *add: olcTLSCertificateKeyFile* >>>> *olcTLSCertificateKeyFile: >>>> /etc/ldap/serverkey.pem* >>>> *-* >>>> *add: olcTLSCipherSuite* >>>> *olcTLSCipherSuite: >>>> HIGH:MEDIUM:!SSLv3:!SSLv2* >>>> * >>>> * >>>> using following command: >>>> >>>> ldapmodify -h localhost -p 389 -D >>>> "cn=admin,cn=config" -w 123 -f >>>> mod_ssl.ldif >>>> >>>> i get ldap_result: Can't contact >>>> LDAP server (-1) error. >>>> >>>> Although LDAP is running. I can >>>> run following command i.e., >>>> >>>> ldapsearch -h localhost -p 389 -D >>>> "cn=admin,dc=platalytics,dc=com" >>>> -w 123 -b "dc=platalytics,dc=com" >>>> "objectclass=*" >>>> >>>> How can i make ldaps work? >>>> >>>> On Tue, Aug 18, 2015 at 7:37 PM, >>>> Aneela Saleem >>>> <aneela(a)platalytics.com >>>> <mailto:aneela@platalytics.com>> >>>> wrote: >>>> >>>> Where i can find the logs? >>>> >>>> On Tue, Aug 18, 2015 at 7:36 >>>> PM, Aneela Saleem >>>> <aneela(a)platalytics.com >>>> <mailto:aneela@platalytics.com>> >>>> wrote: >>>> >>>> I wrote the above lines in >>>> olcDatabase={0}config.ldif >>>> file. When i restart slapd >>>> it gets failed. >>>> >>>> >>>> On Tue, Aug 18, 2015 at >>>> 7:14 PM, Aneela Saleem >>>> <aneela(a)platalytics.com >>>> <mailto:aneela@platalytics.com>> >>>> wrote: >>>> >>>> Which file i need to >>>> write this in? >>>> >>>> On Tue, Aug 18, 2015 >>>> at 7:09 PM, Abdelkader >>>> Chelouah >>>> <a.chelouah(a)gmail.com >>>> <mailto:a.chelouah@gmail.com>> >>>> wrote: >>>> >>>> On 18/08/2015 >>>> 16:05, Aneela >>>> Saleem wrote: >>>>> I have no >>>>> slapd.conf. I >>>>> have cn=conf >>>>> >>>>> On Tue, Aug 18, >>>>> 2015 at 6:54 PM, >>>>> Abdelkader >>>>> Chelouah >>>>> <a.chelouah(a)gmail.com >>>>> <mailto:a.chelouah@gmail.com>> >>>>> wrote: >>>>> >>>>> On 18/08/2015 >>>>> 15:51, Aneela >>>>> Saleem wrote: >>>>>> Thanks >>>>>> Michael and >>>>>> Abdelkader. >>>>>> >>>>>> Abdelkaded >>>>>> the link you >>>>>> provided is >>>>>> for >>>>>> slapd.conf >>>>>> distribution. Can >>>>>> you please >>>>>> guide me how >>>>>> to do >>>>>> "cn=config" >>>>>> distribution? >>>>>> >>>>>> On Tue, Aug >>>>>> 18, 2015 at >>>>>> 6:45 PM, >>>>>> Abdelkader >>>>>> Chelouah >>>>>> <a.chelouah(a)gmail.com >>>>>> <mailto:a.chelouah@gmail.com>> >>>>>> wrote: >>>>>> >>>>>> On >>>>>> 18/08/2015 >>>>>> 15:41, >>>>>> Michael >>>>>> Ströder >>>>>> wrote: >>>>>> >>>>>> Aneela >>>>>> Saleem >>>>>> wrote: >>>>>> >>>>>> Can >>>>>> anyone >>>>>> please >>>>>> provide >>>>>> me >>>>>> some >>>>>> link >>>>>> for >>>>>> enabling >>>>>> "ldaps" >>>>>> >>>>>> http://www.openldap.org/doc/admin24/tls.html >>>>>> >>>>>> Ciao, Michael. >>>>>> >>>>>> or >>>>>> http://www.openldap.org/faq/data/cache/185.html >>>>>> >>>>>> regards >>>>>> >>>>>> >>>>> You can >>>>> convert a >>>>> slapd.conf to >>>>> cn=config >>>>> using slaptest >>>>> >>>>> slaptest -f >>>>> path/to/slapd.conf >>>>> -F >>>>> path/to/slapd.d >>>>> >>>>> >>>> # cn=config >>>> dn: cn=config >>>> objectClass: olcGlobal >>>> cn: config >>>> ... >>>> olcTLSCACertificateFile: >>>> /path/to/cacert >>>> olcTLSCertificateFile: >>>> /path/to/cert >>>> olcTLSCertificateKeyFile: >>>> /path/to/key >>>> olcTLSCipherSuite: >>>> HIGH:MEDIUM:!SSLv3:!SSLv2 >>>> ... >>>> >>>> >>>> >>>> >>>> >>> Can you run >>> >>> ldapwhoami -vxD cn=admin,cn=config >>> -w 123 -H ldap://localhost:389 >>> >>> >>> >> Ok, retry the "ldapmodify" command using >> >> ldapmodify -xD cn=admin,cn=config -w 123 >> -H ldap://localhost:389 -f mod_ssl.ldif >> >> >> >> >> >> > There is something wrong with your setup. > > 1/ Stops your instance > 2/ Exports your configuration > > slapcat -F /path/to/slapd.d -n 0 -l config.ldif > > 3/ Performs the modification directly on config.ldif > 4/ Removes the old configuration > > rm -rf /path/to/slapd.d/* > > 5/ Imports the new configuration > > slapadd -F /path/to/slapd.d -n 0 -l config.ldif > > 6/ Starts your instance > > > Did you removed the content of /path/to/slapd.d ?

Reply

Abdelkader Chelouah

Wednesday, 19 August Wed, 19 Aug

2:11 p.m.

On 19/08/2015 20:32, Aneela Saleem wrote:

Anyone there? Please help me getting out of this problem On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: this is my /etc/ldap/ldap.conf file: BASE dc=platalytics,dc=com URI ldap://127.0.0.1 <http://127.0.0.1> TLS_CACERT /etc/ldap/cacert.pem On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela(a)platalytics.com <mailto:aneela@platalytics.com>> wrote: Still i get following error: modifying entry "cn=config" ldap_result: Can't contact LDAP server (-1) On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: On 18/08/2015 20:27, Aneela Saleem wrote: > I get following result > > ldap_initialize( ldap://localhost:389/??base ) > dn:cn=admin,cn=config > Result: Success (0) > > > On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah > <a.chelouah(a)gmail.com <mailto:a.chelouah@gmail.com>> wrote: > > On 18/08/2015 20:11, Aneela Saleem wrote: >> When i add below file i.e., ssl_mod.ldif >> * >> * >> *dn: cn=config* >> *changetype: modify* >> *add: olcTLSCACertificateFile* >> *olcTLSCACertificateFile: /etc/ldap/cacert.pem* >> *-* >> *add: olcTLSCertificateFile* >> *olcTLSCertificateFile: /etc/ldap/servercrt.pem* >> *-* >> *add: olcTLSCertificateKeyFile* >> *olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem* >> *-* >> *add: olcTLSCipherSuite* >> *olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2* >> * >> * >> using following command: >> >> ldapmodify -h localhost -p 389 -D >> "cn=admin,cn=config" -w 123 -f mod_ssl.ldif >> >> i get ldap_result: Can't contact LDAP server (-1) error. >> >> Although LDAP is running. I can run following >> command i.e., >> >> ldapsearch -h localhost -p 389 -D >> "cn=admin,dc=platalytics,dc=com" -w 123 -b >> "dc=platalytics,dc=com" "objectclass=*" >> >> How can i make ldaps work? >> >> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem >> <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> Where i can find the logs? >> >> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem >> <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> I wrote the above lines in >> olcDatabase={0}config.ldif file. When i >> restart slapd it gets failed. >> >> >> On Tue, Aug 18, 2015 at 7:14 PM, Aneela >> Saleem <aneela(a)platalytics.com >> <mailto:aneela@platalytics.com>> wrote: >> >> Which file i need to write this in? >> >> On Tue, Aug 18, 2015 at 7:09 PM, >> Abdelkader Chelouah >> <a.chelouah(a)gmail.com >> <mailto:a.chelouah@gmail.com>> wrote: >> >> On 18/08/2015 16:05, Aneela Saleem >> wrote: >>> I have no slapd.conf. I have cn=conf >>> >>> On Tue, Aug 18, 2015 at 6:54 PM, >>> Abdelkader Chelouah >>> <a.chelouah(a)gmail.com >>> <mailto:a.chelouah@gmail.com>> wrote: >>> >>> On 18/08/2015 15:51, Aneela >>> Saleem wrote: >>>> Thanks Michael and Abdelkader. >>>> >>>> Abdelkaded the link you >>>> provided is for slapd.conf >>>> distribution. Can you please >>>> guide me how to do "cn=config" >>>> distribution? >>>> >>>> On Tue, Aug 18, 2015 at 6:45 >>>> PM, Abdelkader Chelouah >>>> <a.chelouah(a)gmail.com >>>> <mailto:a.chelouah@gmail.com>> >>>> wrote: >>>> >>>> On 18/08/2015 15:41, >>>> Michael Ströder wrote: >>>> >>>> Aneela Saleem wrote: >>>> >>>> Can anyone please >>>> provide me some >>>> link for enabling >>>> "ldaps" >>>> >>>> http://www.openldap.org/doc/admin24/tls.html >>>> >>>> Ciao, Michael. >>>> >>>> or >>>> http://www.openldap.org/faq/data/cache/185.html >>>> >>>> regards >>>> >>>> >>> You can convert a slapd.conf to >>> cn=config using slaptest >>> >>> slaptest -f path/to/slapd.conf >>> -F path/to/slapd.d >>> >>> >> # cn=config >> dn: cn=config >> objectClass: olcGlobal >> cn: config >> ... >> olcTLSCACertificateFile: /path/to/cacert >> olcTLSCertificateFile: /path/to/cert >> olcTLSCertificateKeyFile: /path/to/key >> olcTLSCipherSuite: >> HIGH:MEDIUM:!SSLv3:!SSLv2 >> ... >> >> >> >> >> > Can you run > > ldapwhoami -vxD cn=admin,cn=config -w 123 -H > ldap://localhost:389 > > > Ok, retry the "ldapmodify" command using ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif

There is something wrong with your setup. 1/ Stops your instance 2/ Exports your configuration slapcat -F /path/to/slapd.d -n 0 -l config.ldif 3/ Performs the modification directly on config.ldif 4/ Removes the old configuration rm -rf /path/to/slapd.d/* 5/ Imports the new configuration slapadd -F /path/to/slapd.d -n 0 -l config.ldif 6/ Starts your instance

Reply

2723

days inactive

2725

days old

openldap-technical@openldap.org

Manage subscription

28 comments

5 participants

tags (0)

participants (5)

Abdelkader Chelouah
Aneela Saleem
Craig White
Michael Ströder
Quanah Gibson-Mount