The URI is not correct. You have to use the FQDN instead of 127.0.0.1, i.e.
URI ldaps://FQDN:PORT
You can omit the PORT part if you use 636.
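The check behind that advice, as an added example that is not part of the thread or of OpenLDAP's own code: with TLS_REQCERT demand, libldap compares the host named in the URI with the names in the server certificate, and an IP literal such as 127.0.0.1 only matches an iPAddress subjectAltName entry, which a certificate issued to a hostname normally does not carry. The Python below reimplements the RFC 6125 name rules over a certificate in the dict shape Python's ssl.getpeercert() returns. The certificate contents and the server name ldap.platalytics.com are constructed for the example (the thread only shows the base DN), and the CN fallback is this example's own simplification.

```python
"""Hostname check that TLS_REQCERT demand enforces, reimplemented for illustration.

Added example, not code from the thread or from OpenLDAP.  The certificate below is
constructed in the dict shape that ssl.SSLSocket.getpeercert() returns; the server
name ldap.platalytics.com is assumed (the thread only shows the base DN).
"""
import ipaddress

# Constructed server certificate: FQDN in CN and in a dNSName SAN, no iPAddress SAN.
SERVER_CERT = {
    "subject": ((("commonName", "ldap.platalytics.com"),),),
    "subjectAltName": (
        ("DNS", "ldap.platalytics.com"),
        ("DNS", "*.ldap.platalytics.com"),
    ),
}


def _dns_match(pattern, host):
    """RFC 6125 style match: case-insensitive, '*' only as the whole leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p, h = pattern.split("."), host.split(".")
    if p[0] != "*" or len(p) != len(h) or len(p) < 3:
        return False
    return p[1:] == h[1:]


def host_matches_cert(cert, host):
    """True if `host` (the host part of the URI) is a name the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal such as 127.0.0.1 only matches an iPAddress SAN entry;
        # it is never compared with CN or dNSName values.
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in san)
    dns_names = [val for kind, val in san if kind == "DNS"]
    if dns_names:
        return any(_dns_match(p, host) for p in dns_names)
    # Assumption of this example: fall back to CN only when no dNSName SAN exists.
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName":
                return _dns_match(val, host)
    return False


def uri_host(uri):
    """Host part of an ldap:// or ldaps:// URI, with port and path removed."""
    authority = uri.partition("://")[2].split("/", 1)[0]
    if authority.startswith("["):                 # [ipv6]:port form
        return authority[1:authority.index("]")]
    return authority.rsplit(":", 1)[0] if ":" in authority else authority


def uri_ok(cert, uri):
    """Whether a client with TLS_REQCERT demand would accept `cert` for `uri`."""
    return host_matches_cert(cert, uri_host(uri))


if __name__ == "__main__":
    for uri in ("ldaps://127.0.0.1", "ldaps://ldap.platalytics.com",
                "ldaps://ldap.platalytics.com:636"):
        print("%-38s %s" % (uri, "accepted" if uri_ok(SERVER_CERT, uri) else "rejected"))
```

Run as a script it prints "rejected" for the loopback URI and "accepted" for the two FQDN forms, with or without the explicit :636. The practical consequence is the one stated above: either put the FQDN in the URI, or issue a certificate whose subjectAltName carries the address, but never work around the mismatch with TLS_REQCERT never.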
On 20/08/2015 23:12, Aneela Saleem wrote:
Hi Abdelkader,
I have changed my ldap.conf file to the following:
BASE dc=platalytics,dc=com
URI ldaps://127.0.0.1
TLS_REQCERT demand
TLS_CACERT /etc/ldap/cacert.pem
It also works.
Can you please verify whether this is the correct approach?
On Thu, Aug 20, 2015 at 11:36 PM, Aneela Saleem <[email protected]> wrote:
Hi Abdelkader,
I tried the following link:
http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/
It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of SSL, as the client FQDN is not checked against in that case?
On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <[email protected]> wrote:
On 20/08/2015 18:23, Aneela Saleem wrote:
55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"
On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <[email protected]> wrote:
5/ Import the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
I get the following error:
slapadd: could not add entry dn="cn=config" (line=1):
_ 1.03% eta none elapsed none spd 4.2 M/s
Closing DB...
On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <[email protected]> wrote:
On 19/08/2015 20:32, Aneela Saleem wrote:
Anyone there? Please help me get out of this problem.
On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <[email protected]> wrote:
This is my /etc/ldap/ldap.conf file:
BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem
On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <[email protected]> wrote:
Still I get the following error:
modifying entry "cn=config"
ldap_result: Can't contact LDAP server (-1)
On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <[email protected]> wrote:
On 18/08/2015 20:27, Aneela Saleem wrote:
I get the following result:
ldap_initialize( ldap://localhost:389/??base )
dn:cn=admin,cn=config
Result: Success (0)
On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:
On 18/08/2015 20:11, Aneela Saleem wrote:
When I add the below file, i.e., ssl_mod.ldif:

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2

using the following command:
ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
I get the "ldap_result: Can't contact LDAP server (-1)" error.
Although LDAP is running. I can run the following command, i.e.,
ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
How can I make ldaps work?
On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
Where can I find the logs?
On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
I wrote the above lines in the olcDatabase={0}config.ldif file. When I restart slapd, it fails.
On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
Which file do I need to write this in?
On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
On 18/08/2015 16:05, Aneela Saleem wrote:
I have no slapd.conf. I have cn=config.
On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
On 18/08/2015 15:51, Aneela Saleem wrote:
Thanks Michael and Abdelkader. Abdelkader, the link you provided is for the slapd.conf distribution. Can you please guide me how to do it for the "cn=config" distribution?
On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
On 18/08/2015 15:41, Michael Ströder wrote:
Aneela Saleem wrote:
Can anyone please provide me some link for enabling "ldaps"?
http://www.openldap.org/doc/admin24/tls.html
Ciao, Michael.
or
http://www.openldap.org/faq/data/cache/185.html
regards
You can convert a slapd.conf to cn=config using slaptest:
slaptest -f path/to/slapd.conf -F path/to/slapd.d

# cn=config
dn: cn=config
objectClass: olcGlobal
cn: config
...
olcTLSCACertificateFile: /path/to/cacert
olcTLSCertificateFile: /path/to/cert
olcTLSCertificateKeyFile: /path/to/key
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
...

Can you run
ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
Ok, retry the "ldapmodify" command using
ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
There is something wrong with your setup.
1/ Stop your instance
2/ Export your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
3/ Perform the modification directly on config.ldif
4/ Remove the old configuration
rm -rf /path/to/slapd.d/*
5/ Import the new configuration
slapadd -F /path/to/slapd.d -n 0 -l config.ldif
6/ Start your instance
Did you remove the content of /path/to/slapd.d?
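Step 3 of that procedure ("perform the modification directly on config.ldif") is the fragile one: a slapcat -n 0 export is a sequence of LDIF entries separated by blank lines, and dropping the blank line between cn=config and cn=module{0},cn=config fuses the two entries, which is the usual cause of the "entry -1 has multiple DNs" error that slapadd reported earlier in this thread. The Python below is an added example, not code from the thread or from OpenLDAP: it applies the same four olcTLS* attributes from the thread's ssl_mod.ldif to the cn=config entry of such an export, keeps every separator intact, folds long lines the way LDIF expects, and refuses a file that is already fused or already carries the attributes. The export it runs on is a constructed, shortened sample; the certificate paths are the ones used in the thread.

```python
"""Step 3 of the offline procedure for a cn=config tree: add the olcTLS* attributes
to the cn=config entry of a `slapcat -n 0` export without disturbing the blank lines
that separate entries.  Added example, not code from the thread; the sample export
below is constructed and shortened, the certificate paths are the thread's own.
"""
import base64

TLS_ATTRS = [
    ("olcTLSCACertificateFile", "/etc/ldap/cacert.pem"),
    ("olcTLSCertificateFile", "/etc/ldap/servercrt.pem"),
    ("olcTLSCertificateKeyFile", "/etc/ldap/serverkey.pem"),
    ("olcTLSCipherSuite", "HIGH:MEDIUM:!SSLv3:!SSLv2"),
]

# Constructed stand-in for `slapcat -F /etc/ldap/slapd.d -n 0 -l config.ldif` output.
# The last attribute is folded across two lines, as slapcat does for long values.
SAMPLE_CONFIG_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
"""


def parse_ldif(text):
    """Split LDIF into entries (lists of attribute lines), unfolding continuation
    lines and dropping comments.  A blank line ends an entry."""
    entries, cur = [], []
    for raw in text.splitlines() + [""]:
        if raw == "":
            if cur:
                entries.append(cur)
                cur = []
        elif raw.startswith("#"):
            continue
        elif raw.startswith(" ") and cur:
            cur[-1] += raw[1:]          # continuation line: glue onto the previous one
        else:
            cur.append(raw)
    return entries


def entry_dn(entry):
    """DN of an entry from its first line; `dn::` is the base64 form."""
    first = entry[0]
    if first.startswith("dn:: "):
        return base64.b64decode(first[5:]).decode("utf-8")
    if first.startswith("dn: "):
        return first[4:]
    raise ValueError("entry does not start with a dn line: %r" % first)


def merged_entries(entries):
    """Indices of entries holding more than one dn line: a separating blank line
    was lost, which slapadd reports as 'entry N has multiple DNs'."""
    return [i for i, e in enumerate(entries)
            if sum(1 for line in e if line.startswith("dn:")) > 1]


def fold(line, width=76):
    """Fold a line to LDIF width; continuation lines start with one space."""
    pieces, rest = [line[:width]], line[width:]
    while rest:
        pieces.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return pieces


def serialize_ldif(entries):
    """Write entries back out with exactly one blank line between entries."""
    return "\n\n".join("\n".join(p for line in e for p in fold(line))
                       for e in entries) + "\n"


def add_tls_config(text, attrs=TLS_ATTRS):
    """Return `text` with the TLS attributes appended to the cn=config entry.
    Refuses a fused export and refuses to add an attribute that is already set."""
    entries = parse_ldif(text)
    bad = merged_entries(entries)
    if bad:
        raise ValueError("entries with multiple DNs (missing blank line): %s" % bad)
    targets = [e for e in entries if entry_dn(e).lower() == "cn=config"]
    if len(targets) != 1:
        raise ValueError("expected one cn=config entry, found %d" % len(targets))
    entry = targets[0]
    present = {line.split(":", 1)[0].lower() for line in entry}
    for name, value in attrs:
        if name.lower() in present:
            raise ValueError("%s already present; edit it by hand" % name)
        entry.append("%s: %s" % (name, value))
    return serialize_ldif(entries)


if __name__ == "__main__":
    print(add_tls_config(SAMPLE_CONFIG_LDIF), end="")
```

On a real export, read config.ldif, pass it through add_tls_config, write the result back, and only then run steps 4 to 6. Operational attributes that slapcat emits (entryUUID, entryCSN and so on) pass through untouched, and an export that already contains an olcTLS* attribute is rejected rather than silently given a duplicate value, which is the case where the ldapmodify route with replace is the right tool.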