Re: first time user can't contact ldap ldap_bind:
I fixed this by tweaking the common name field in my cert to match the output of:
hostname -f
Then I just restarted slapd and binds with ldaps:// worked.
TJ
On Thu, 2004-02-26 at 11:44, Tim Jordan wrote:
I'm trying to set this up in vmware and I really don't know a good way to build this properly. This is the only box on a private subnet.
I have a few questions I'm hoping someone can advise.
* For the common name while creating the certificate I used debian-sarge-vm - which is the hostname -f of my test box.
1. I'm not sure what needs to be done in what order to get things working so I have my notes posted here on what I have done so far.
I can do a basic search against ldap with:
ldapsearch -h localhost -x -b "dc=smb-ldap,dc=org" -s base
I can not do:
ldapsearch -H ldaps://localhost -x -b "dc=smb-ldap,dc=org" -s base
ldap_bind: Can't contact LDAP server (81)
additional info: Error in the certificate
2. I installed slapd before installing openssl (I thought this would be installed by the slapd package but it is not). Could this be my problem?
/etc/ldap/slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
TLSCertificateFile /etc/ldap/server.pem
TLSCertificateKeyFile /etc/ldap/server.pem
TLSCACertificateFile /etc/ldap/server.pem
sasl-realm smb-ldap.org
sasl-host debian-sarge-vm.smb-ldap.org
schemacheck on
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
database bdb
suffix "dc=SMB-LDAP,dc=ORG"
rootdn "cn=admin,dc=smb-ldap,dc=org"
rootpw secert
directory "/var/lib/ldap"
index objectClass eq
lastmod on
I left the default ACLs in place.
/etc/ldap/ldap.conf:
HOST debian-sarge-vm.smb-ldap.org
BASE dc=org
PORT 389
TLS_CACERT /etc/ldap/server.pem
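A check for the mismatch behind the "Error in the certificate" above, written as an added example rather than anything posted in the thread: it lists the names a server.pem is actually valid for and compares them with the name clients will put in the ldaps:// URI, which is what TJ's hostname -f fix made line up. It assumes openssl and ldapsearch are on PATH; the file paths and base DN are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Lists the names a slapd server.pem
# actually carries and checks them against the name clients put in the
# ldaps:// URI. Assumes openssl and ldapsearch are on PATH; the paths and
# base DN are the ones quoted in the thread.

# Print every hostname the certificate is valid for: the subject CN plus
# any subjectAltName dNSName entries (modern clients check SAN, not CN).
cert_names() {
    openssl x509 -noout -subject -in "$1" \
        | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
    openssl x509 -noout -text -in "$1" \
        | grep -A1 'Subject Alternative Name' | tr ',' '\n' \
        | sed -n 's/.*DNS:\([^ ]*\).*/\1/p'
}

# Succeed only when HOST is one of the names in CERT (exact match; a bare
# "debian-sarge-vm" is deliberately not treated as its FQDN).
cert_matches_host() {
    cert_names "$1" | grep -qx "$2"
}

# Report the mismatch the thread ran into before the cert was reissued.
check_server_cert() {
    cert="$1"; host="$2"
    if cert_matches_host "$cert" "$host"; then
        echo "OK: $cert is valid for $host"
    else
        echo "MISMATCH: $cert is valid for [$(cert_names "$cert" | tr '\n' ' ')]" \
             "but clients will connect to $host" >&2
        return 1
    fi
}

# Usage: sh check_ldaps_cert.sh /etc/ldap/server.pem "$(hostname -f)"
# The ldaps:// bind is only attempted once the name check has passed.
if [ $# -eq 2 ]; then
    check_server_cert "$1" "$2" \
        && ldapsearch -H "ldaps://$2" -x -b "dc=smb-ldap,dc=org" -s base
fi
```

Note that connecting to ldaps://localhost, as in the failing command above, asks for the name "localhost", which a certificate issued for the machine's FQDN does not carry; use the FQDN in the URI as well.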