| adiemme |
05-20-2017 01:59 PM |
[RHCSA] LDAP server installation using SSL.
Hello everybody,
I am setting up a virtual environment where i can play with and so prepare myself for the RHCSA certification exam.
The thing is that i am currently doing the sample exams on the end of my book (A. Ghori).
Where i am struggling with is the step where it says:
"Use dc=example,dc=com, and LDAP server vm2.example.com with a certificate sitting in /etc/openldap/cacerts to allow ldapuser1 to be able to log on to rhcsa2"
Now, on the server side, i have already set up everything, so LDAP works. The part i am struggling with is the SSL part.
Basically, i have created the CA and the server certificates.
In order to create the certificates i have used easy-rsa.
Code:
[root@hypervisor-s1 keys]# openssl verify -CAfile ca.crt hypervisor-s1.crt
hypervisor-s1.crt: OK
Then, after i have run on the client machine:
[root@rhcsa2 certs]# authconfig --enableldap --enableldapauth --ldapserver='ldaps://hypervisor-s1' --ldapbasedn='dc=domain,dc=local' --update
Code:
I have copied the ca.crt:
[root@hypervisor-s1 keys]# scp ca.crt 192.168.0.201:/etc/openldap/cacerts/
But the problem is that nlscd complains:
[root@rhcsa2 certs]# systemctl status nslcd -l
● nslcd.service - Naming services LDAP client daemon.
Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2017-05-20 20:42:20 CEST; 13min ago
Process: 18123 ExecStart=/usr/sbin/nslcd (code=exited, status=0/SUCCESS)
Main PID: 18124 (nslcd)
CGroup: /system.slice/nslcd.service
└─18124 /usr/sbin/nslcd
May 20 20:42:26 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> failed to bind to LDAP server ldaps://hypervisor-s1: Can't contact LDAP server: TLS error -5938:Encountered end of file: Operation now in progress
May 20 20:42:26 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> no available LDAP server found, sleeping 1 seconds
May 20 20:42:27 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> failed to bind to LDAP server ldaps://hypervisor-s1: Can't contact LDAP server: TLS error -5938:Encountered end of file: Operation now in progress
May 20 20:42:27 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> no available LDAP server found, sleeping 1 seconds
May 20 20:42:28 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> failed to bind to LDAP server ldaps://hypervisor-s1: Can't contact LDAP server: TLS error -5938:Encountered end of file: Operation now in progress
May 20 20:42:28 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> no available LDAP server found, sleeping 1 seconds
May 20 20:42:29 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> failed to bind to LDAP server ldaps://hypervisor-s1: Can't contact LDAP server: TLS error -5938:Encountered end of file: Operation now in progress
May 20 20:42:29 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> no available LDAP server found, sleeping 1 seconds
May 20 20:42:30 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> failed to bind to LDAP server ldaps://hypervisor-s1: Can't contact LDAP server: TLS error -5938:Encountered end of file: Operation now in progress
May 20 20:42:30 rhcsa2 nslcd[18124]: [8b4567] <passwd(all)> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
Here are the configs:
[root@rhcsa2 ~]# cat /etc/openldap/ldap.conf | grep -vE '^#|^$'
TLS_CACERTDIR /etc/openldap/cacerts
SASL_NOCANON on
URI ldaps://hypervisor-s1
BASE dc=domain,dc=local
[root@rhcsa2 ~]# cat /etc/nslcd.conf | grep -vE '^#|^$'
uid nslcd
gid ldap
uri ldaps://hypervisor-s1
base dc=domain,dc=local
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/ca.crt
ssl no
I know that i could just skip the validation and then it would work, but since i am simulating the exam, i would like to stick to it.
Cheers, |
