tail -f /var/log/messages
Has most of the ldap messages,
You also may have a :
/var/log/localmessages

If you are running a client on the server machine, the client info will be mixed in with the server info on /var/log/messages.
I believe you will only get the server [slapd] on localmessages

You have to choose either ldap [port 389] with tls,
Or Ldaps [port 636]

I am assuming you have a tls_cacert and either a uri with ldap://...
Or ldaps://
As appropriate, in /etc/ldap.conf of the client machine.

On 10/27/11 10:23 AM, "Daniel Qian" <[email protected]> wrote:

> On 11-10-26 11:28 PM, Dan White wrote:
>> On 26/10/11 22:53 -0400, Braden McDaniel wrote:
>>
>>> I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In
>>> cn=config.ldif I have:
>>>
>>>         olcTLSCACertificatePath: /etc/pki/nssdb
>>>         olcTLSCertificateFile: endoframe
>>>
>>> I have used certutil to create a self-signed certificate:
>>>
>>>         # certutil -d /etc/pki/nssdb -L
>>>
>>>         Certificate Nickname                  Trust Attributes
>>>                                               SSL,S/MIME,JAR/XPI
>>>
>>>         endoframe                             Cu,Cu,Cu
>>>
>>> But this doesn't appear to be working:
>>>
>>>         $ ldapsearch -H ldaps://rail -b dc=endoframe,dc=net -x -d1
>>>         ldap_url_parse_ext(ldaps://rail)
>>>         ldap_create
>>>         ldap_url_parse_ext(ldaps://rail:636/??base)
>>>         ldap_sasl_bind
>>>         ldap_send_initial_request
>>>         ldap_new_connection 1 1 0
>>>         ldap_int_open_connection
>>>         ldap_connect_to_host: TCP rail:636
>>>         ldap_new_socket: 3
>>>         ldap_prepare_socket: 3
>>>         ldap_connect_to_host: Trying ::1 636
>>>         ldap_pvt_connect: fd: 3 tm: -1 async: 0
>>>         ldap_close_socket: 3
>>>         ldap_new_socket: 3
>>>         ldap_prepare_socket: 3
>>>         ldap_connect_to_host: Trying 127.0.0.1:636
>>>         ldap_pvt_connect: fd: 3 tm: -1 async: 0
>>>         ldap_close_socket: 3
>>>         ldap_err2string
>>>         ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>>
>>> slapd is running:
>>>
>>>         # systemctl status slapd.service
>>>         slapd.service - LSB: starts and stopd OpenLDAP server daemon
>>>                   Loaded: loaded (/etc/rc.d/init.d/slapd)
>>>                   Active: active (running) since Wed, 05 Oct 2011 02:24:11 -0400; 3 weeks and 0 days ago
>>>                 Main PID: 1429 (slapd)
>>>                   CGroup: name=systemd:/system/slapd.service
>>>                           └ 1429 /usr/sbin/slapd -h ldap:/// -u ldap
>>>
>>> Any ideas of what I might be doing wrong, or where I should be looking
>>> to debug this?
>>
>> slapd was not started with the proper options to listen on ldaps:/// (port
>> 636).
>>
>> Your -h command line option should include it, e.g. '-h ldap:///
>> ldaps:///'. See slapd(8) for more details.
>
> There is a control file on Fedora 15 for ldaps or tls
>
> cat /etc/sysconfig/ldap
>
> # Options of slapd (see man slapd)
> #SLAPD_OPTIONS=
>
> # At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
> #
> # Run slapd with -h "... ldap:/// ..."
> # yes/no, default: yes
> #SLAPD_LDAP=yes
>
> # Run slapd with -h "... ldapi:/// ..."
> # yes/no, default: no
> #SLAPD_LDAPI=no
>
> # Run slapd with -h "... ldaps:/// ..."
> # yes/no, default: no
> #SLAPD_LDAPS=no
> SLAPD_LDAPS=yes
>
> # Run slapd with -h "... $SLAPD_URLS ..."
> # This option could be used instead of previous three ones, but:
> # - it doesn't overwrite settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
> # - it isn't overwritten by settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
> # example: SLAPD_URLS="ldapi:///var/lib/ldap_root/ldapi ldapi:/// ldaps:///"
> # default: empty
> #SLAPD_URLS=""
>
> # Maximum allowed time to wait for slapd shutdown on 'service ldap stop' (in seconds)
> #SLAPD_SHUTDOWN_TIMEOUT=3
>
> # Parameters to ulimit, use to change system limits for slapd
> #SLAPD_ULIMIT_SETTINGS=""
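
Added example, not part of the thread: a small shell check that compares the listeners implied by /etc/sysconfig/ldap with the `-h` argument of the running slapd, so a missing ldaps:/// listener shows up before any TLS debugging starts. The function names are hypothetical, and the order in which the init script joins the URLs is an assumption based on the defaults stated in the file's comments.

```shell
#!/bin/sh
# Print the last uncommented KEY=value from a sysconfig-style file, or a default.
sysconfig_get() {   # $1=file  $2=key  $3=default
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'")
    printf '%s\n' "${val:-$3}"
}

# Listener URLs the settings imply, using the defaults stated in the file's
# comments. Assumption: the init script joins them in this order.
expected_urls() {   # $1=file
    urls=""
    if [ "$(sysconfig_get "$1" SLAPD_LDAP yes)" = yes ]; then urls="$urls ldap:///"; fi
    if [ "$(sysconfig_get "$1" SLAPD_LDAPI no)" = yes ]; then urls="$urls ldapi:///"; fi
    if [ "$(sysconfig_get "$1" SLAPD_LDAPS no)" = yes ]; then urls="$urls ldaps:///"; fi
    urls="$urls $(sysconfig_get "$1" SLAPD_URLS "")"
    echo $urls      # unquoted on purpose: collapses the extra spaces
}

# URLs following -h on a slapd command line as printed by ps or systemctl.
running_urls() {    # $1=command line
    out=""; take=0
    for tok in $1; do
        case "$tok" in
            -h) take=1 ;;
            -*) take=0 ;;
            *)  if [ "$take" = 1 ]; then out="$out $tok"; fi ;;
        esac
    done
    echo $out
}

listens_on_ldaps() {   # $1=space-separated URL list
    case " $1 " in *" ldaps://"*) return 0 ;; *) return 1 ;; esac
}

# Demo on the command line shown in the thread's systemctl output.
cmdline='/usr/sbin/slapd -h ldap:/// -u ldap'
if listens_on_ldaps "$(running_urls "$cmdline")"; then
    echo "slapd is listening on ldaps"
else
    echo "slapd has no ldaps:// listener; port 636 will refuse connections"
fi
```

If `expected_urls /etc/sysconfig/ldap` lists ldaps:/// but the running process does not, slapd has not been restarted since the file was changed.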
