I get the following result:

ldap_initialize( ldap://localhost:389/??base )
dn:cn=admin,cn=config
Result: Success (0)

On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:

> On 18/08/2015 20:11, Aneela Saleem wrote:
>
> When I add below file i.e., ssl_mod.ldif
>
> dn: cn=config
> changetype: modify
> add: olcTLSCACertificateFile
> olcTLSCACertificateFile: /etc/ldap/cacert.pem
> -
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ldap/servercrt.pem
> -
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
> -
> add: olcTLSCipherSuite
> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>
> using following command:
>
> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>
> I get ldap_result: Can't contact LDAP server (-1) error.
>
> Although LDAP is running. I can run following command i.e.,
>
> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>
> How can I make ldaps work?
>
> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
>
>> Where can I find the logs?
>>
>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
>>
>>> I wrote the above lines in olcDatabase={0}config.ldif file. When I
>>> restart slapd it gets failed.
>>>
>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
>>>
>>>> Which file do I need to write this in?
>>>>
>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>
>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>
>>>>> I have no slapd.conf. I have cn=conf
>>>>>
>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>
>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>
>>>>>> Thanks Michael and Abdelkader.
>>>>>>
>>>>>> Abdelkader the link you provided is for slapd.conf distribution. Can
>>>>>> you please guide me how to do "cn=config" distribution?
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>
>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>
>>>>>>>> Aneela Saleem wrote:
>>>>>>>>
>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>
>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>
>>>>>>>> Ciao, Michael.
>>>>>>>>
>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>
>>>>>>> regards
>>>>>>>
>>>>>>
>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>
>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>
>>>>>
>>>>> # cn=config
>>>>> dn: cn=config
>>>>> objectClass: olcGlobal
>>>>> cn: config
>>>>> ...
>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>> olcTLSCertificateFile: /path/to/cert
>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>> ...
>>>>>
>>>>
>>>
>>
> Can you run
>
> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>
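
A pre-flight check for an LDIF like the ssl_mod.ldif quoted above, as an added example that is not part of the original thread and makes no claim about the cause of the error reported in it: it parses the modify record and reports olcTLS* file attributes that are missing, point at files the current user cannot read, or name a private key that other users can read. The function names are hypothetical, and the read check is only meaningful when run as the account slapd runs under.

```python
import os
import stat

# Attributes from the thread's LDIF that name files on disk.
TLS_FILE_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile",
                  "olcTLSCertificateKeyFile")

def parse_modify(ldif_text):
    """Parse one 'changetype: modify' record into (dn, {attr: [values]}).
    Simplification (assumption): no base64 ('::') values or folded lines."""
    dn, mods, current = None, {}, None
    for raw in ldif_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "-":                       # separator between modifications
            current = None
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF line: {line!r}")
        key, value = key.strip(), value.strip()
        if key.lower() == "dn":
            dn = value
        elif key.lower() == "changetype":
            if value != "modify":
                raise ValueError("only changetype: modify is handled")
        elif key.lower() in ("add", "replace"):
            current = value
            mods.setdefault(current, [])
        elif current is not None and key.lower() == current.lower():
            mods[current].append(value)
        else:                                 # value line names another attribute
            raise ValueError(f"{key!r} does not match the current modification")
    return dn, mods

def preflight(ldif_text):
    """Return a list of problems; an empty list means every check passed."""
    dn, mods = parse_modify(ldif_text)
    problems = [] if dn == "cn=config" else [f"dn is {dn!r}, expected 'cn=config'"]
    for attr in TLS_FILE_ATTRS:
        values = mods.get(attr)
        if not values:
            problems.append(f"{attr}: not set")
        elif not os.path.isfile(values[0]):
            problems.append(f"{attr}: {values[0]} is not a file")
        elif not os.access(values[0], os.R_OK):
            problems.append(f"{attr}: {values[0]} is not readable by this user")
        elif (attr == "olcTLSCertificateKeyFile"
              and os.stat(values[0]).st_mode & stat.S_IROTH):
            problems.append(f"{attr}: private key is readable by other users")
    return problems
```
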
