I am doing a self study for the Red Hat certification and I need a virtual machine which has LDAP configured in order for me to perform the exercises (configuring LDAP authentication and mounting the home folder).
My problem is that it is way too much work to install an LDAP server from scratch... I did try, though, but the result is quite confusing.
Does anyone know if there is a VDI appliance that:
1) Has LDAP installed which also includes a posix user test account
2) Has exported the home directory of the user so I can mount it
3) Has a TLS certificate
4) The TLS certificate is provided via FTP
If no such appliance exists, is anyone willing to help me set up a system with the above?
Installing OpenLDAP is pretty simple tbh. Take that as a suitable exercise for the Red Hat certification (which one?). Given the whole point is to learn new technologies, why would you want to avoid this part?
And an appliance that comes with a TLS certificate? That's not going to happen, that defeats the point of TLS / SSL.
Last edited by acid_kewpie; 01-20-2014 at 10:08 AM.
Hi acid_kewpie
I am going for the RHCE and so far, from what I saw of the material, there isn't any LDAP server configuration. The only part which involves LDAP knowledge is the part where you just have to configure your machine to authenticate to an LDAP server, which is straightforward:
open authentication -> choose the base dn, ip and TLS option, where to get the certificate from -> ready
However, I just want to be able to perform the above task and for that I need an LDAP server.
Regarding the TLS, I might be describing things wrong or be a bit confused, but I found an appliance of a Debian host with pre-installed LDAP, phpldapadmin and certificates. It's from "turnkey", which I tried, but no matter what I try I can't connect my host to the LDAP server.
Worst thing is that I am far away from the LDAP services, hence I can't really troubleshoot :-(
Quote:
I am going for the RHCE and so far, from what I saw of the material, there isn't any LDAP server configuration. The only part which involves LDAP knowledge is the part where you just have to configure your machine to authenticate to an LDAP server, which is straightforward:
..sums up EXACTLY why I give so little value to 'certifications'. tripialos, are you honestly saying that you want to get 'certified', but want to put as little effort as possible into it, and not learn ANYTHING not related to RHCE? After you get your 'certification', you will NOT have a depth of knowledge, know how to troubleshoot/start LDAP (if needed), or do anything past the VERY BASIC:
Quote:
open authentication -> choose the base dn, ip and TLS option, where to get the certificate from -> ready
However, I just want to be able to perform the above task and for that I need an LDAP server.
And if you want this:
Quote:
Regarding the TLS, I might be describing things wrong or be a bit confused, but I found an appliance of a Debian host with pre-installed LDAP, phpldapadmin and certificates. It's from "turnkey", which I tried, but no matter what I try I can't connect my host to the LDAP server.
Worst thing is that I am far away from the LDAP services, hence I can't really troubleshoot :-(
You can easily have it... if you show a small amount of effort, and build your own LDAP server. Amazingly, you will then have KNOWLEDGE (isn't that what your 'certification' would mean?) about LDAP, have your own LDAP server that you won't be 'far away from', and know about TLS certificates, etc.
Hi TB0ne
Thanks for your constructive comment :-D
I am myself a fan of the deep knowledge and expertise philosophy; however, my problem for now is TIME, I don't have much time.
I am trying to connect to the LDAP server using a Fedora 19 system and also a RHEL 6 system and get the same error:
Quote:
ldapsearch -d 5 -L "(objectclass=*)"
ldap_create
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS: supportedSASLMechanisms
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 10.88.0.46:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.88.0.46:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: certdb config: configDir='/etc/openldap/cacerts' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error.
TLS: error: connect - force handshake failure: errno 0 - moznss error -8054
TLS: can't connect: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert..
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
tripialos, did you ever figure this out? I'm studying for the same test while using the same OpenLDAP appliance + RHEL 6.3 client... Same exact error.
TIA
Hi buddy
Yes I did. I actually studied a bit further and created my own WORKING ( :-D ) VM with Kerberos and LDAP users!!
It's been a while since I troubleshot the relevant error, and apart from that I started from scratch, but if I'm not mistaken you have to erase the imported certificates, which is done by locating them in a specific folder.
Again, I am not sure, but if you are still struggling with the same error let me know and I will try to find the solution.
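
The -8054 code in the debug output above is NSS's SEC_ERROR_REUSED_ISSUER_AND_SERIAL: a certificate with the same issuer and serial number as one the client already holds, but with different content. As an added example (not part of the original thread), this script scans a CA directory for such pairs; the function names and the constructed demo certificates (CN ldap.example.test) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find certificates in a CA directory that
# share issuer + serial but are different certificates, the condition behind
# NSS error -8054. Function names and the demo CN are hypothetical.

# Emit "issuer<TAB>serial<TAB>sha256<TAB>path" for each parsable cert in $1.
cert_index() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        info=$(openssl x509 -in "$f" -noout -issuer -serial \
               -fingerprint -sha256 2>/dev/null) || continue
        issuer=$(printf '%s\n' "$info" | sed -n 's/^issuer= *//p')
        serial=$(printf '%s\n' "$info" | sed -n 's/^serial=//p')
        fp=$(printf '%s\n' "$info" | sed -n 's/^.*Fingerprint=//p')
        printf '%s\t%s\t%s\t%s\n' "$issuer" "$serial" "$fp" "$f"
    done
}

# Print the index rows whose issuer+serial maps to more than one fingerprint.
# Hash symlinks to the same cert share a fingerprint, so they are not flagged.
find_serial_collisions() {
    cert_index "$1" | awk -F'\t' '
        { key = $1 FS $2
          if (!((key, $3) in seen)) { seen[key, $3] = 1; distinct[key]++ }
          rows[key] = rows[key] $0 "\n" }
        END { for (k in distinct) if (distinct[k] > 1) printf "%s", rows[k] }'
}

# Constructed sample: old.pem and new.pem reuse CN and serial 01 with different
# keys (a regenerated self-signed cert); other.pem uses serial 02.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    for name in old new other; do
        serial=1
        [ "$name" = other ] && serial=2
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -set_serial "$serial" -subj "/CN=ldap.example.test" \
            -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    rm -f "$d"/*.key
    printf '%s\n' "$d"
}

# Demo: prints the serial and path of each colliding file.
demo_dir=$(make_demo_dir) && find_serial_collisions "$demo_dir" | cut -f2,4
```

On a client, run find_serial_collisions /etc/openldap/cacerts (the directory named in the TLS lines above) and compare the flagged files with the certificate the server currently presents before removing the stale one.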