LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-20-2014, 08:29 AM   #1
tripialos
Member
 
Registered: Apr 2012
Posts: 163

Rep: Reputation: Disabled
need LDAP appliance


Greetings

I am doing a self study for the RedHat certification and i need a virtual machine which has LDAP configured in order for me to perform the excersises (configuring LDAP authentication and mount home folder)

My problem is that it is way too much work to install an LDAP server from scratch...i did tried tho but result is quite confusing.

Does anyone knows if there is a VDI appliance that:\
1) Has LDAP installed which also includes a posix user test account
2) Has exported the home directory of the user so i can mount it
3) has TLS certificate
4) The TLS certificate is provided via FTP



IF no such appliance exists , is anyone willing to help me setup a system with the above?


Thanks
 
Old 01-20-2014, 11:07 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
installing OpenLDAP is pretty simple tbh. Take that as a suitable exercise for the the redhat certification (which one?). Given the whole point is to learn new technologies, why would you want to avoid this part?

And an appliance that comes with a TLS certificate? That's not going to happen, that defeats the point of TLS / SSL.

Last edited by acid_kewpie; 01-20-2014 at 11:08 AM.
 
Old 01-20-2014, 05:24 PM   #3
tripialos
Member
 
Registered: Apr 2012
Posts: 163

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by acid_kewpie View Post
installing OpenLDAP is pretty simple tbh. Take that as a suitable exercise for the the redhat certification (which one?). Given the whole point is to learn new technologies, why would you want to avoid this part?

And an appliance that comes with a TLS certificate? That's not going to happen, that defeats the point of TLS / SSL.
Hi acid_kewpire

I am going for the RHCE and so far what i saw from the material there isnt any LDAP server configuration. The only part of which has LDAP knowladge is the part where you have to just configure your machine to authenticate to an LDAP server which is straight forward :

open authentication -> choose the base dn, ip and TLS option, where to get the certificate from ->ready

However, i just want to be able to perfrom the above task and for that i need an LDAP server.

Regarding the TLS, i might describing things wrong or be a bit confused but i found out an appliance of an debian host with pre-installed LDAP, phpldapadmin and certificates. Its from "turnkey" which i tried but no matter what i try i cant connect my host with the ldap server.

Worst thing is that i am far away from the LDAP services hence i cant really troubleshoot :-(
 
Old 01-20-2014, 06:19 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,305

Rep: Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871Reputation: 3871
This sentence:
Quote:
Originally Posted by tripialos View Post
I am going for the RHCE and so far what i saw from the material there isnt any LDAP server configuration. The only part of which has LDAP knowladge is the part where you have to just configure your machine to authenticate to an LDAP server which is straight forward:
..sums up EXACTLY why I give so little value to 'certifications'. tripialos, are you honestly saying that you want to get 'certified', but want to put as little effort as possible into it, and not learn ANYTHING not related to RHCE?. After you get your 'certification', you will NOT Have a depth of knowledge, know how to troubleshoot/start LDAP (if needed), or do anything past the VERY BASIC:
Quote:
open authentication -> choose the base dn, ip and TLS option, where to get the certificate from ->ready
However, i just want to be able to perfrom the above task and for that i need an LDAP server.
And if you want this:
Quote:
Regarding the TLS, i might describing things wrong or be a bit confused but i found out an appliance of an debian host with pre-installed LDAP, phpldapadmin and certificates. Its from "turnkey" which i tried but no matter what i try i cant connect my host with the ldap server.

Worst thing is that i am far away from the LDAP services hence i cant really troubleshoot :-(
You can easily have it....if you show a small amount of effort, and build your own LDAP server. Amazingly, you will then have KNOWLEDGE (isn't that what your 'certification' would mean?) about LDAP, have your own LDAP server that you won't be 'far away from', and know about TLS certificates, etc.
 
Old 01-20-2014, 06:31 PM   #5
tripialos
Member
 
Registered: Apr 2012
Posts: 163

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
This sentence:

..sums up EXACTLY why I give so little value to 'certifications'. tripialos, are you honestly saying that you want to get 'certified', but want to put as little effort as possible into it, and not learn ANYTHING not related to RHCE?. After you get your 'certification', you will NOT Have a depth of knowledge, know how to troubleshoot/start LDAP (if needed), or do anything past the VERY BASIC:

And if you want this:

You can easily have it....if you show a small amount of effort, and build your own LDAP server. Amazingly, you will then have KNOWLEDGE (isn't that what your 'certification' would mean?) about LDAP, have your own LDAP server that you won't be 'far away from', and know about TLS certificates, etc.
Hi TB0ne

thanks for your constructive comment :-D

I am my self a fan of the deep knowledge and expertise philosophy however my problem for now is the TIME, i dont have much time.

Nevertheless i will follow the path you recommend

After all....no pain no gain ;-)
 
Old 01-20-2014, 07:44 PM   #6
tripialos
Member
 
Registered: Apr 2012
Posts: 163

Original Poster
Rep: Reputation: Disabled
OK i am quite stuck here

I am trying to connect to the ldap server using a fedora19 systems and also a rhel 6 system and get the same error:

Quote:
ldapsearch -d 5 -L "(objectclass=*)"
ldap_create
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS: supportedSASLMechanisms
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 10.88.0.46:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.88.0.46:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: certdb config: configDir='/etc/openldap/cacerts' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error.
TLS: error: connect - force handshake failure: errno 0 - moznss error -8054
TLS: can't connect: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert..
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
i tried some googling but no luck so far

Any ideas?
 
Old 01-21-2014, 06:14 AM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,247

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
Good HOWTO here; see left hand menu http://www.server-world.info/en/
 
Old 02-12-2014, 02:15 AM   #8
randolph
LQ Newbie
 
Registered: Feb 2014
Posts: 1

Rep: Reputation: Disabled
tripialos, did you ever figure this out? I'm studying for the same test while using same openldap appliance + RHEL 6.3 client.... Same exact error.

TIA
 
Old 02-18-2014, 05:30 AM   #9
tripialos
Member
 
Registered: Apr 2012
Posts: 163

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by randolph View Post
tripialos, did you ever figure this out? I'm studying for the same test while using same openldap appliance + RHEL 6.3 client.... Same exact error.

TIA
Hi buddy

yes i did. I actually studied a bit further and created my own WORKING ( :-D )vm machine with Kerbero and Ldap users !!

Its been a while a go since i troubleshooted the relevant error and apart from that i started from scratch but if not mistaken you have to erase the imported certificates which is done by locating them on specific folder.

Again, i am not sure but if you are still struggling with the same error let me know and i will try to find out the solution
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP for Barracuda Appliance rhbegin Linux - Enterprise 3 01-03-2012 10:53 AM
[SOLVED] LDAP authentication error [Can't contact LDAP server] from apache httpd jonathan_w_brown Linux - Server 6 12-28-2011 06:30 PM
[SOLVED] Apache authentication: allow LDAP group OR user named guest, but not all LDAP users AlucardZero Linux - Server 1 05-25-2011 04:21 PM
authenticating through one ldap server that uses other ldap servers & active director dreamm Linux - Server 1 02-21-2007 09:22 AM
LXer: LDAP Series Part IV - Installing OpenLDAP on Debian Plus Some LDAP Commentary LXer Syndicated Linux News 0 10-31-2006 07:54 PM


All times are GMT -5. The time now is 09:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration