This is my /etc/ldap/ldap.conf file:

BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem

On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <[email protected]> wrote:

> Still I get following error:
>
> modifying entry "cn=config"
> ldap_result: Can't contact LDAP server (-1)
>
> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <[email protected]> wrote:
>
>> On 18/08/2015 20:27, Aneela Saleem wrote:
>>
>> I get following result
>>
>> ldap_initialize( ldap://localhost:389/??base )
>> dn:cn=admin,cn=config
>> Result: Success (0)
>>
>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:
>>
>>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>>
>>> When I add below file i.e., ssl_mod.ldif
>>>
>>> dn: cn=config
>>> changetype: modify
>>> add: olcTLSCACertificateFile
>>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>>> -
>>> add: olcTLSCertificateFile
>>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>>> -
>>> add: olcTLSCertificateKeyFile
>>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>>> -
>>> add: olcTLSCipherSuite
>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>
>>> using following command:
>>>
>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>>>
>>> I get ldap_result: Can't contact LDAP server (-1) error.
>>>
>>> Although LDAP is running. I can run following command i.e.,
>>>
>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>>
>>> How can I make ldaps work?
>>>
>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
>>>
>>>> Where I can find the logs?
>>>>
>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
>>>>
>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When I
>>>>> restart slapd it gets failed.
>>>>>
>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
>>>>>
>>>>>> Which file I need to write this in?
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>
>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>>
>>>>>>> I have no slapd.conf. I have cn=conf
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>
>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>>
>>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>>
>>>>>>>> Abdelkader the link you provided is for slapd.conf distribution.
>>>>>>>> Can you please guide me how to do "cn=config" distribution?
>>>>>>>>
>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>>
>>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>>
>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>>
>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>>
>>>>>>>>>> Ciao, Michael.
>>>>>>>>>
>>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>>
>>>>>>>>> regards
>>>>>>>>
>>>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>>>
>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>>
>>>>>>> # cn=config
>>>>>>> dn: cn=config
>>>>>>> objectClass: olcGlobal
>>>>>>> cn: config
>>>>>>> ...
>>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>>> ...
>>>
>>> Can you run
>>>
>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>>
>> Ok, retry the "ldapmodify" command using
>>
>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
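
A pre-flight check for the change record quoted in this thread, added here as an example and not written by any participant: it parses an LDIF modify record and reports each olcTLS*File path that is missing or unreadable before the record is sent with ldapmodify. The function names, the `SAMPLE` record and its placeholder path are assumptions; run it as the account slapd runs under for the readability result to be meaningful.

```python
import os
# Attributes from the thread's ssl_mod.ldif whose values are file paths.
TLS_FILE_ATTRS = {"olctlscacertificatefile", "olctlscertificatefile",
                  "olctlscertificatekeyfile"}

def parse_modify_record(ldif_text):
    """Parse one modify record into (dn, [(op, attr, value)]); no folding/base64."""
    dn, changes, op, target = None, [], None, None
    for raw in ldif_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "-":  # separator between modifications
            op = target = None
            continue
        name, _, value = (part.strip() for part in line.partition(":"))
        key = name.lower()  # LDAP attribute names are case-insensitive
        if key == "dn":
            dn = value
        elif key == "changetype":
            if value != "modify":
                raise ValueError("only modify records are handled")
        elif key in ("add", "replace", "delete"):
            op, target = key, value.lower()
        elif op and key == target:
            changes.append((op, name, value))
        else:
            raise ValueError(f"unexpected line: {line!r}")
    return dn, changes

def preflight(ldif_text):
    """Return problems with the TLS file paths the record would set."""
    dn, changes = parse_modify_record(ldif_text)
    problems = []
    if dn != "cn=config":
        problems.append(f"record targets {dn!r}, not cn=config")
    for op, attr, path in changes:
        if op == "delete" or attr.lower() not in TLS_FILE_ATTRS:
            continue
        if not os.path.isfile(path):
            problems.append(f"{attr}: {path} does not exist")
        elif not os.access(path, os.R_OK):
            problems.append(f"{attr}: {path} is not readable by this user")
    return problems

# Constructed input in the shape of the thread's record (placeholder path).
SAMPLE = ("dn: cn=config\nchangetype: modify\nadd: olcTLSCACertificateFile\n"
          "olcTLSCACertificateFile: /nonexistent-example/cacert.pem\n")
print(preflight(SAMPLE))
```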
