Still I get following error:

modifying entry "cn=config"
ldap_result: Can't contact LDAP server (-1)

On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah wrote:

> On 18/08/2015 20:27, Aneela Saleem wrote:
>
> I get following result
>
> ldap_initialize( ldap://localhost:389/??base )
> dn:cn=admin,cn=config
> Result: Success (0)
>
> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah wrote:
>
>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>
>> When I add below file i.e., ssl_mod.ldif
>>
>> dn: cn=config
>> changetype: modify
>> add: olcTLSCACertificateFile
>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>> -
>> add: olcTLSCertificateFile
>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>> -
>> add: olcTLSCertificateKeyFile
>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>> -
>> add: olcTLSCipherSuite
>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>
>> using following command:
>>
>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>>
>> I get ldap_result: Can't contact LDAP server (-1) error.
>>
>> Although LDAP is running. I can run following command i.e.,
>>
>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>
>> How can I make ldaps work?
>>
>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem wrote:
>>
>>> Where I can find the logs?
>>>
>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem wrote:
>>>
>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When I
>>>> restart slapd it gets failed.
>>>>
>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem wrote:
>>>>
>>>>> Which file I need to write this in?
>>>>>
>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah wrote:
>>>>>
>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>
>>>>>> I have no slapd.conf. I have cn=conf
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah wrote:
>>>>>>
>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>
>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>
>>>>>>> Abdelkader the link you provided is for slapd.conf distribution. Can
>>>>>>> you please guide me how to do "cn=config" distribution?
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah wrote:
>>>>>>>
>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>
>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>
>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>
>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>
>>>>>>>>> Ciao, Michael.
>>>>>>>>
>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>
>>>>>>>> regards
>>>>>>>
>>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>>
>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>
>>>>>> # cn=config
>>>>>> dn: cn=config
>>>>>> objectClass: olcGlobal
>>>>>> cn: config
>>>>>> ...
>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>> ...
>>
>> Can you run
>>
>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>
> Ok, retry the "ldapmodify" command using
>
> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
