Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I installed openldap-stable-20051018.tar.gz and openssl-0.9.8a.tar.gz.
I run the command:
"ldapsearch -H ldap://mydomain.org/ -b dc=mydomain,dc=org -x" and it works,
but when I try to run it via SSL:
"ldapsearch -H ldaps://mydomain.org/ -b dc=mydomain,dc=org -x"
I got the following message:
"ldap_bind: Can't contact LDAP server (-1)"
The SSL certificate contains CN=mydomain.org.
Can anyone help?
Thanks
Thanks for your reply. The slapd.conf contains two entries for TLS (TLSCertificateFile, TLSCertificateKeyFile).
The ldapssl process is listening on port 636.
Now there is a strange problem: if I run slapd, LDAP works (non-secured), but when I run slapd -h "ldap:/// ldaps:///"
nothing works!!
I hope you can help me.
If you cannot find the cause of your problems by debugging the client connections, maybe you could look at what happens at the server level?
Stop the LDAP service (don't know what distro you're running so I don't know the exact command - you will probably know) and then run this in the console:
Code:
slapd -d 256 -f /etc/openldap/slapd.conf
or when the daemon should run as a special user (mine runs under user ldap) you type
Code:
slapd -u ldap -d 256 -f /etc/openldap/slapd.conf
And then you very carefully check the console output of the slapd process (it will not fork into the background, so you can see all its messages in the console).
Maybe this helps you in tagging the root of the problem. Try other debug levels if you want. "man slapd.conf" will tell you what the various loglevels are showing.
My machine name is server and I use Fedora 4.
Please see the following:
[root@server libexec]# /usr/local/libexec/slapd -u ldap -d 256
$OpenLDAP: slapd 2.3.11 (Nov 17 2005 12:25:37) $
root@server:/0/openldap-2.3.11/servers/slapd
bdb_db_open: alock package is unstable
backend_startup_one: bi_db_open failed! (-1)
slapd stopped.
connections_destroy: nothing to destroy.
My suspicion is that your database directory (in Fedora that would be /var/lib/ldap most probably) is not owned (anymore) by the ldap user. This is probably the effect of having run slapd manually without adding the "-u ldap" parameter.
What does
Code:
ls -la /var/lib/ldap
tell you?
On Redhat servers I manage (Redhat 8, 9 and RHEL3 and 4) the directory /var/lib/ldap is owned by user ldap and group ldap. No one else but user ldap has access to that directory. If that is not the case for you, you should run this, after stopping the ldap server:
Code:
cd /var/lib/ldap
find . -type f -exec chown ldap:ldap {} \;
find . -type f -exec chmod 600 {} \;
Then, start the server again using
Code:
service ldap start
and test again with your ldapsearch.
A word of advice: your knowledge of LDAP is lacking a little bit. You really need to find and read documentation about services and how the ldap server works if you really want to use it. Your original problem by the way (SSL not working) is still not solved. There is not enough information in your posts to make a good guess at what is wrong.
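The ownership check from the reply above, as an added example rather than anything posted in the thread. It walks the database directory and reports every entry that is not owned by the slapd user and group or that anyone else can read, then applies the same chown/chmod. Unlike the two `find -type f` commands it also covers the directory itself and any subdirectories, since slapd has to create and lock files there. The function names, the throwaway directory the demo builds and the placeholder file names in it (id2entry.bdb, dn2id.bdb, DB_CONFIG) are constructed here; the /var/lib/ldap default and the ldap user come from the reply.

```python
"""Audit and repair the ownership and modes of an OpenLDAP database
directory.  Added example for the thread above, not code from it or
from the OpenLDAP project.  Defaults (/var/lib/ldap, user ldap) are the
ones named in the reply; everything else is constructed here."""
import grp
import os
import pwd
import shutil
import stat
import tempfile

FILE_MODE = 0o600   # database files: read/write for the owner only
DIR_MODE = 0o700    # the directory and subdirectories: owner only


def _ids(user, group):
    """Accept user/group names or numeric ids."""
    uid = user if isinstance(user, int) else pwd.getpwnam(user).pw_uid
    gid = group if isinstance(group, int) else grp.getgrnam(group).gr_gid
    return uid, gid


def _entries(path):
    """Yield (path, wanted_mode) for the directory, its subdirectories and files."""
    for dirpath, _dirnames, filenames in os.walk(path):
        yield dirpath, DIR_MODE
        for name in filenames:
            yield os.path.join(dirpath, name), FILE_MODE


def audit_ldap_dbdir(path="/var/lib/ldap", user="ldap", group="ldap"):
    """Return [(path, problem), ...].  An empty list means slapd -u <user>
    can use the directory and nobody else can read the database files."""
    uid, gid = _ids(user, group)
    problems = []
    for p, want in _entries(path):
        st = os.lstat(p)
        if stat.S_ISLNK(st.st_mode):
            problems.append((p, "symlink inside the database directory"))
            continue
        if st.st_uid != uid:
            problems.append((p, "owned by uid %d, want %d" % (st.st_uid, uid)))
        if st.st_gid != gid:
            problems.append((p, "group is gid %d, want %d" % (st.st_gid, gid)))
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            problems.append((p, "mode %04o, want %04o" % (mode, want)))
    return problems


def fix_ldap_dbdir(path="/var/lib/ldap", user="ldap", group="ldap"):
    """chown/chmod every entry as above; returns how many were touched.
    Run this as root with slapd stopped."""
    uid, gid = _ids(user, group)
    touched = 0
    for p, want in _entries(path):
        if os.path.islink(p):
            continue            # never follow links out of the directory
        os.chown(p, uid, gid)
        os.chmod(p, want)
        touched += 1
    return touched


def demo():
    """Build a constructed directory that mimics the thread's situation
    (files left world-readable after slapd was run by hand), audit it,
    fix it and audit again.  Returns (problems_before, problems_after)."""
    root = tempfile.mkdtemp(prefix="ldapdb-demo-")
    for name in ("id2entry.bdb", "dn2id.bdb", "DB_CONFIG"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("constructed placeholder, not a real database file\n")
    os.chmod(os.path.join(root, "dn2id.bdb"), 0o600)    # this one is fine
    os.chmod(os.path.join(root, "id2entry.bdb"), 0o644)  # world-readable
    os.chmod(os.path.join(root, "DB_CONFIG"), 0o664)     # group-writable
    os.chmod(root, 0o755)                                # directory too open
    me, mine = os.getuid(), os.getgid()   # stand-ins for ldap:ldap
    before = audit_ldap_dbdir(root, me, mine)
    fix_ldap_dbdir(root, me, mine)
    after = audit_ldap_dbdir(root, me, mine)
    shutil.rmtree(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for p, why in before:
        print("before: %s: %s" % (p, why))
    print("after fix: %d problems" % len(after))
```

On a real server, call audit_ldap_dbdir() first and only run fix_ldap_dbdir() when the list is non-empty, with slapd stopped; demo() exercises both on a directory it creates and removes, so nothing under /var/lib/ldap is touched by accident.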
Thanks for your advice. I read the official OpenLDAP manual and I'm trying to configure OpenLDAP using its steps, but I have a problem with LDIF files.
I run ldapadd -f ia.ldif -x
and I get the error:
ldap_add: Undefined attribute type (17)
additional info: dn: attribute type undefined
**************************************************************
here is my ldif file:
**************************************************************
# Organization for Test
dn:dc=mydomain,dc=org
objectClass: dcObject
objectClass: organization
o:Test
description: Test
# Organizational Role for Directory Manager
dn:cn=Head,dc=mydomain,dc=org
objectClass: organizationalRole
cn: Head
name: my_name
description: my Head
***************************************************************
here is the include part of my slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
***************************************************************
I hope you can help.
Thanks
Add a space behind dn: and also behind o:. The space is required as a separator. Use the -v parameter to ldapadd if you want to see more verbose messages.
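A pre-flight check for LDIF files such as the one posted above, as an added example (not from the thread). It applies the rules of RFC 2849 that are easy to get wrong by hand: a record starts with a dn: line and records are separated by blank lines (a comment line is not a separator), every other line is an attribute: value pair, and a second dn: line inside a record is read as an attribute named dn, which no schema defines, so the server reports an undefined attribute type. It also checks, per RFC 4512, that the RDN value appears as an attribute of the entry (the first posted entry names dc=mydomain but has no dc: line). lint_ldif and the two sample strings are names constructed here; the first sample is the posted file and the second a corrected copy. Schema rules (which attributes an objectClass allows) are left to slapd.

```python
"""Lint an LDIF file before handing it to ldapadd.  Added example for
the thread above, not code from it or from OpenLDAP; all names here are
constructed."""
import re

# attribute description, then ":<" (URL), "::" (base64) or ":" (plain value)
ATTR_LINE = re.compile(r'^([A-Za-z0-9][A-Za-z0-9.;-]*)(:<|::|:)(.*)$')


def unfold(text):
    """Join LDIF continuation lines (a leading space) onto the line above.
    Returns [(number of the first physical line, logical line), ...]."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith(' ') and out and out[-1][1] != '':
            out[-1] = (out[-1][0], out[-1][1] + line[1:])
        else:
            out.append((n, line))
    return out


def split_records(text):
    """Group lines into records: blank lines separate records, '#' lines
    are comments and are dropped.  A comment line is NOT a separator."""
    records, current = [], []
    for n, line in unfold(text):
        if line.strip() == '':
            if current:
                records.append(current)
                current = []
        elif not line.startswith('#'):
            current.append((n, line))
    if current:
        records.append(current)
    return records


def lint_ldif(text):
    """Return [(line, code, detail), ...]; an empty list means well formed."""
    problems = []
    for rec in split_records(text):
        first_n, first = rec[0]
        m = ATTR_LINE.match(first)
        if not m or m.group(1).lower() != 'dn':
            problems.append((first_n, 'no-dn', 'record does not start with a dn: line'))
            continue
        dn, dn_sep = m.group(3).strip(), m.group(2)
        attrs = {}                                  # lower-cased name -> values
        for i, (n, line) in enumerate(rec):
            m = ATTR_LINE.match(line)
            if not m:
                problems.append((n, 'bad-line', 'not an attribute: value line'))
                continue
            name, sep, rest = m.group(1).lower(), m.group(2), m.group(3)
            if rest and not rest.startswith(' '):
                problems.append((n, 'no-space', "no space after '%s'" % sep))
            if i > 0 and name == 'dn':
                # the parser sees an attribute called "dn", which no schema defines
                problems.append((n, 'dn-inside-record',
                                 'dn: inside a record; put a blank line before it'))
                continue
            attrs.setdefault(name, []).append(rest.strip().lower())
        if dn_sep == ':':
            # RFC 4512 2.3: the RDN attribute value must be present in the entry
            rdn = dn.split(',', 1)[0]
            rdn_attr, _, rdn_val = rdn.partition('=')
            if rdn_val.strip().lower() not in attrs.get(rdn_attr.strip().lower(), []):
                problems.append((first_n, 'naming-attr-missing',
                                 "'%s' is in the dn but not an attribute of the entry" % rdn))
    return problems


# The LDIF as posted above: two missing separator spaces, no blank line
# between the two entries, and no dc: attribute in the first entry.
POSTED_LDIF = """\
# Organization for Test
dn:dc=mydomain,dc=org
objectClass: dcObject
objectClass: organization
o:Test
description: Test
# Organizational Role for Directory Manager
dn:cn=Head,dc=mydomain,dc=org
objectClass: organizationalRole
cn: Head
name: my_name
description: my Head
"""

# Corrected copy: separator spaces, a blank line between the entries,
# and the naming attribute dc: mydomain added to the first entry.
FIXED_LDIF = """\
# Organization for Test
dn: dc=mydomain,dc=org
objectClass: dcObject
objectClass: organization
dc: mydomain
o: Test
description: Test

# Organizational Role for Directory Manager
dn: cn=Head,dc=mydomain,dc=org
objectClass: organizationalRole
cn: Head
name: my_name
description: my Head
"""

if __name__ == '__main__':
    for label, text in (('posted', POSTED_LDIF), ('fixed', FIXED_LDIF)):
        print(label + ':')
        for n, code, detail in lint_ldif(text) or [(0, 'ok', 'no problems')]:
            print('  line %d: %s (%s)' % (n, code, detail))
```

Running it on the posted file reports the two missing spaces, the second dn: line sitting inside the first record (line 8), and the missing dc: attribute; the corrected copy comes back clean, which is the point at which ldapadd -v is worth trying again.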
Your reply has nothing to do with the original topic which is about configuring secure LDAP connections. Also your suggestions are very Redhat specific, they will not work on many other distros.