When I add the below file, i.e., ssl_mod.ldif

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2

using the following command:

ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif

I get the error ldap_result: Can't contact LDAP server (-1), although LDAP is running. I can run the following command, i.e.,

ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"

How can I make ldaps work?

On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:

> Where can I find the logs?
>
> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]>
> wrote:
>
>> I wrote the above lines in olcDatabase={0}config.ldif file. When I
>> restart slapd it gets failed.
>>
>>
>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]>
>> wrote:
>>
>>> Which file do I need to write this in?
>>>
>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <
>>> [email protected]> wrote:
>>>
>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>
>>>> I have no slapd.conf. I have cn=conf
>>>>
>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <
>>>> [email protected]> wrote:
>>>>
>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>
>>>>> Thanks Michael and Abdelkader.
>>>>>
>>>>> Abdelkader, the link you provided is for slapd.conf distribution. Can
>>>>> you please guide me how to do "cn=config" distribution?
>>>>>
>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>
>>>>>>> Aneela Saleem wrote:
>>>>>>>
>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>
>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>
>>>>>>> Ciao, Michael.
>>>>>>>
>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>
>>>>>> regards
>>>>>>
>>>>>
>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>
>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>
>>>>
>>>> # cn=config
>>>> dn: cn=config
>>>> objectClass: olcGlobal
>>>> cn: config
>>>> ...
>>>> olcTLSCACertificateFile: /path/to/cacert
>>>> olcTLSCertificateFile: /path/to/cert
>>>> olcTLSCertificateKeyFile: /path/to/key
>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>> ...
>>>>
>>>
>>>
>>
>
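
A pre-flight check for a change record like the one in the message above, as an added example that is not part of the thread: it parses the LDIF modify record and reports TLS file paths that are missing and a private key that other users can access. The function names are hypothetical, SAMPLE is a constructed record reusing attribute names and a path quoted in the thread, and LDIF line folding and base64 values are not handled.

```python
import os
import stat
# File-valued TLS attributes from the thread; SAMPLE is a constructed record.
TLS_FILE_ATTRS = {"olcTLSCACertificateFile", "olcTLSCertificateFile",
                  "olcTLSCertificateKeyFile"}
SAMPLE = ("dn: cn=config\nchangetype: modify\nadd: olcTLSCertificateKeyFile\n"
          "olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem\n-\n"
          "add: olcTLSCipherSuite\nolcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2\n")

def parse_modify(ldif_text):
    """Parse one modify record into (dn, [(op, attr, values)]); no folding/base64."""
    lines = [l.strip() for l in ldif_text.splitlines()
             if l.strip() and not l.startswith("#")]
    if len(lines) < 2 or not lines[0].lower().startswith("dn:"):
        raise ValueError("record must start with a dn: line")
    dn = lines[0].split(":", 1)[1].strip()
    if lines[1].replace(" ", "").lower() != "changetype:modify":
        raise ValueError("second line must be 'changetype: modify'")
    mods, block = [], []
    for line in lines[2:] + ["-"]:          # trailing "-" flushes the last block
        if line != "-":
            block.append(line)
        elif block:
            op, attr = (p.strip() for p in block[0].split(":", 1))
            if op not in ("add", "replace", "delete"):
                raise ValueError(f"unknown operation {op!r}")
            values = []
            for entry in block[1:]:
                name, value = (p.strip() for p in entry.split(":", 1))
                if name != attr:            # value lines must repeat the attribute
                    raise ValueError(f"{name!r} found inside '{op}: {attr}'")
                values.append(value)
            mods.append((op, attr, values))
            block = []
    return dn, mods

def check_tls_files(mods):
    """Return problems with the files the TLS attributes point to."""
    problems = []
    for _op, attr, values in mods:
        for path in (values if attr in TLS_FILE_ATTRS else []):
            if not os.path.isfile(path):
                problems.append(f"{attr}: {path} is not an existing file")
            elif attr.endswith("KeyFile") and stat.S_IMODE(os.stat(path).st_mode) & 0o007:
                problems.append(f"{attr}: {path} is accessible to other users")
    return problems

if __name__ == "__main__":
    print(check_tls_files(parse_modify(SAMPLE)[1]))
```

The existence check runs as the invoking user; the account slapd runs under also needs read access to all three files.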
