Anyone there? Please help me get out of this problem.

On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <[email protected]> wrote:

> This is my /etc/ldap/ldap.conf file:
>
> BASE dc=platalytics,dc=com
>
> URI ldap://127.0.0.1
>
> TLS_CACERT /etc/ldap/cacert.pem
>
> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <[email protected]> wrote:
>
>> Still I get the following error:
>>
>> modifying entry "cn=config"
>> ldap_result: Can't contact LDAP server (-1)
>>
>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <[email protected]> wrote:
>>
>>> On 18/08/2015 20:27, Aneela Saleem wrote:
>>>
>>> I get the following result
>>>
>>> ldap_initialize( ldap://localhost:389/??base )
>>> dn:cn=admin,cn=config
>>> Result: Success (0)
>>>
>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>
>>>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>>>
>>>> When I add the file below, i.e., ssl_mod.ldif
>>>>
>>>> dn: cn=config
>>>> changetype: modify
>>>> add: olcTLSCACertificateFile
>>>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>>>> -
>>>> add: olcTLSCertificateFile
>>>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>>>> -
>>>> add: olcTLSCertificateKeyFile
>>>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>>>> -
>>>> add: olcTLSCipherSuite
>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>
>>>> using the following command:
>>>>
>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>>>>
>>>> I get the ldap_result: Can't contact LDAP server (-1) error.
>>>>
>>>> Although LDAP is running. I can run the following command, i.e.,
>>>>
>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>>>
>>>> How can I make ldaps work?
>>>>
>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
>>>>
>>>>> Where can I find the logs?
>>>>>
>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
>>>>>
>>>>>> I wrote the above lines in the olcDatabase={0}config.ldif file. When I
>>>>>> restart slapd it fails.
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>
>>>>>>> Which file do I need to write this in?
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>
>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>>>
>>>>>>>> I have no slapd.conf. I have cn=conf
>>>>>>>>
>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>>>
>>>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>>>
>>>>>>>>> Abdelkader, the link you provided is for the slapd.conf distribution.
>>>>>>>>> Can you please guide me how to do the "cn=config" distribution?
>>>>>>>>>
>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>>>
>>>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>>>
>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>>>
>>>>>>>>>>> Ciao, Michael.
>>>>>>>>>>
>>>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>>>
>>>>>>>>>> regards
>>>>>>>>>
>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>>>>
>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>>>
>>>>>>>> # cn=config
>>>>>>>> dn: cn=config
>>>>>>>> objectClass: olcGlobal
>>>>>>>> cn: config
>>>>>>>> ...
>>>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>>>> ...
>>>>
>>>> Can you run
>>>>
>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>>>
>>> Ok, retry the "ldapmodify" command using
>>>
>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
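
Added example, not part of the thread and not OpenLDAP's own code: a preflight check for the modify LDIF quoted above that extracts the olcTLS*File values and verifies that each file can be read, holds the expected PEM block type, and (for the key) is not accessible to other users. It does not diagnose the error reported in the thread; the function names are hypothetical, and it assumes it is run as the account slapd runs as (with the LDIF path as its only argument) so that the readability test is meaningful.

```python
import os
import stat
import sys

# PEM block types accepted for each TLS attribute used in the thread's LDIF.
EXPECTED_PEM = {
    "olcTLSCACertificateFile": ("CERTIFICATE",),
    "olcTLSCertificateFile": ("CERTIFICATE",),
    "olcTLSCertificateKeyFile": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"),
}

def tls_paths(ldif_text):
    """Return {attribute: path} for the olcTLS*File values in a modify LDIF."""
    paths = {}
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip() in EXPECTED_PEM:
            paths[attr.strip()] = value.strip()
    return paths

def check_file(attr, path):
    """Return a list of problems for one file, as seen by the current user."""
    try:
        st = os.stat(path)
        with open(path, "r", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:
        return [f"{attr}: cannot read {path} ({exc.strerror})"]
    problems = []
    if not any(f"-----BEGIN {kind}-----" in text for kind in EXPECTED_PEM[attr]):
        problems.append(f"{attr}: {path} has no {' / '.join(EXPECTED_PEM[attr])} PEM block")
    # Group access is tolerated (a shared key group is common); "other" is not.
    if attr == "olcTLSCertificateKeyFile" and st.st_mode & stat.S_IRWXO:
        problems.append(f"{attr}: {path} is accessible to other users")
    return problems

def preflight(ldif_text):
    """Check every TLS file the LDIF refers to; an empty list means no findings."""
    paths = tls_paths(ldif_text)
    problems = [f"{attr}: not set in LDIF" for attr in EXPECTED_PEM if attr not in paths]
    for attr, path in paths.items():
        problems += check_file(attr, path)
    return problems

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:
        findings = preflight(fh.read())
    print("\n".join(findings) or "no problems found")
    sys.exit(1 if findings else 0)
```

A clean result only means the files look usable to the user running the script; it does not verify that the certificate matches the key or chains to the CA.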
