
Re: first time user can't contact ldap ldap_bind:



I fixed this by tweaking the common name field in my cert to match the output of:
hostname -f

Then I just restarted slapd and binds with ldaps:// worked.

TJ

On Thu, 2004-02-26 at 11:44, Tim Jordan wrote:
I'm trying to set this up in vmware and I really don't know a good way to build this properly.  This is the only box on a private subnet.

I have a few questions I'm hoping someone can advise.

* For the common name while creating the certificate I used debian-sarge-vm - which is the hostname -f of my test box.

1. I'm not sure what needs to be done in what order to get things working, so I have posted my notes here on what I have done so far.


I can do a basic search against ldap with:
ldapsearch -h localhost -x -b "dc=smb-ldap,dc=org" -s base 

I can not do:
ldapsearch -H ldaps://localhost -x -b "dc=smb-ldap,dc=org" -s base
    ldap_bind: Can't contact LDAP server (81)
        additional info: Error in the certificate




2. I installed slapd before installing openssl (I thought this would be installed by the slapd package, but it is not). Could this be my problem?

/etc/ldap/slapd.conf

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# One combined PEM holding the server key, the server cert and the CA cert
TLSCertificateFile      /etc/ldap/server.pem
TLSCertificateKeyFile   /etc/ldap/server.pem
TLSCACertificateFile    /etc/ldap/server.pem

sasl-realm      smb-ldap.org
sasl-host       debian-sarge-vm.smb-ldap.org

schemacheck     on
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb

backend         bdb
database        bdb
suffix          "dc=SMB-LDAP,dc=ORG"
rootdn          "cn=admin,dc=smb-ldap,dc=org"
rootpw          secert
directory       "/var/lib/ldap"

index           objectClass     eq
lastmod         on

I left the default ACL's in place.

/etc/ldap/ldap.conf:


HOST        debian-sarge-vm.smb-ldap.org
BASE        dc=org
PORT        389
TLS_CACERT  /etc/ldap/server.pem
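The reason TJ's fix (common name = `hostname -f`) clears the "Error in the certificate" is that a TLS client checks the name in the server certificate against the host it was asked to connect to. The script below is an added example written for this thread, not OpenLDAP's code and not from either poster; it implements the RFC 6125 / RFC 2818 matching rules that such clients apply (subjectAltName DNS entries win, the subject CN is only a fallback, wildcards only in the leftmost label) over constructed certificate dicts laid out the way Python's `ssl` `getpeercert()` returns them. The hostnames are taken from the thread; the certificates themselves are made up.

```python
"""Certificate-name vs. hostname matching, as a TLS client does it.

Added example for the slapd/ldaps thread above. Not OpenLDAP's code: it
reimplements the RFC 6125 / RFC 2818 rules so the effect of a cert whose
CN is the short hostname ("debian-sarge-vm") versus the `hostname -f`
output ("debian-sarge-vm.smb-ldap.org") can be seen without a server.
All certificate dicts below are constructed; their layout mirrors what
ssl.SSLSocket.getpeercert() returns.
"""


def _candidate_names(cert):
    """Names a client may match against.

    RFC 6125 s6.4.4: if the cert carries any subjectAltName dNSName
    entries, only those count; the subject commonName is consulted
    solely as a fallback for certificates without a SAN.
    """
    names = [value for (kind, value) in cert.get("subjectAltName", ())
             if kind == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for (attr, value) in rdn:
            if attr == "commonName":
                names.append(value)
    return names


def _pattern_matches(pattern, hostname):
    """Case-insensitive exact match, or a wildcard as the whole leftmost label.

    The wildcard form must keep at least two literal labels to its right
    ("*.smb-ldap.org" is fine, "*.org" is refused) and never spans labels.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:]:
        return False
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def match_hostname(cert, hostname):
    """True when the certificate is acceptable for a connection to hostname."""
    return any(_pattern_matches(p, hostname) for p in _candidate_names(cert))


# Constructed certificates (not real; shaped like getpeercert() output).
# What the original poster had: CN is the short hostname.
CERT_SHORT_CN = {"subject": ((("commonName", "debian-sarge-vm"),),)}
# TJ's fix: CN equals `hostname -f`.
CERT_FQDN_CN = {"subject": ((("commonName", "debian-sarge-vm.smb-ldap.org"),),)}
# What a practitioner would issue today: SANs covering every name clients use.
CERT_SAN = {
    "subject": ((("commonName", "debian-sarge-vm.smb-ldap.org"),),),
    "subjectAltName": (("DNS", "debian-sarge-vm.smb-ldap.org"),
                       ("DNS", "localhost")),
}


def report(cert, hostnames):
    """Return {hostname: matched?} for the names a client might dial."""
    return {h: match_hostname(cert, h) for h in hostnames}


if __name__ == "__main__":
    dialled = ["debian-sarge-vm.smb-ldap.org", "localhost"]
    for label, cert in [("short CN", CERT_SHORT_CN),
                        ("FQDN CN", CERT_FQDN_CN),
                        ("SAN", CERT_SAN)]:
        print(label, report(cert, dialled))
```

Note that the thread's failing command dialled `ldaps://localhost`, and neither the short-CN nor the FQDN-CN certificate names `localhost`; only the SAN certificate satisfies both the `hostname -f` name and `localhost`, which is the variant to issue when clients on the box itself will use the loopback name.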