Using NSS
- To: openldap-technical@openldap.org
- Subject: Using NSS
- From: Braden McDaniel <braden@endoframe.com>
- Date: Wed, 26 Oct 2011 22:53:22 -0400
I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In
cn=config.ldif I have:
olcTLSCACertificatePath: /etc/pki/nssdb
olcTLSCertificateFile: endoframe
I have used certutil to create a self-signed certificate:
# certutil -d /etc/pki/nssdb -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
endoframe                                                    Cu,Cu,Cu
But this doesn't appear to be working:
$ ldapsearch -H ldaps://rail -b dc=endoframe,dc=net -x -d1
ldap_url_parse_ext(ldaps://rail)
ldap_create
ldap_url_parse_ext(ldaps://rail:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP rail:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
slapd is running:
# systemctl status slapd.service
slapd.service - LSB: starts and stopd OpenLDAP server daemon
Loaded: loaded (/etc/rc.d/init.d/slapd)
Active: active (running) since Wed, 05 Oct 2011 02:24:11 -0400; 3 weeks and 0 days ago
Main PID: 1429 (slapd)
CGroup: name=systemd:/system/slapd.service
└ 1429 /usr/sbin/slapd -h ldap:/// -u ldap
Any ideas of what I might be doing wrong, or where I should be looking
to debug this?
--
Braden McDaniel <braden@endoframe.com>