Re: Antw: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only

[Warron S French <Warron.S.French@aero.org>]

Low Sensitivity/Aerospace Internal Use
Only

Ulrich, I attempted what you suggested as well, but I got back a different
error.  And I don't know if it makes any difference, but I don't have
TLS configurations in place yet; that is what I am attempting to accomplish.


Anyway, after performing the following
command:
ldapmodify -ZZ -x -W
-D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif

I got the following error in response:
ldap_initialize( <DEFAULT>
)
ldap_start_tls: Protocol
error (2)
     
  Additional info: unsupported extended operation



Thanks for the help,

Warron French, MBA,
SCSA



From:      
 "Ulrich Windl"
<Ulrich.Windl@rz.uni-regensburg.de>
To:      
 "Warron S French"
<Warron.S.French@aero.org>, <openldap-technical@openldap.org>,

Date:      
 01/27/2014 02:34 AM
Subject:    
   Antw: OpenLDAP
slapd problems - ldap_result: Can't contact LDAP server (-1) --- Low Sensitivity/Aerospace
Internal Use Only

---

>>> Warron S French <Warron.S.French@aero.org>
schrieb am 24.01.2014 um 17:28 in
Nachricht
<OFE6BBFCB7.3C423E61-ON85257C6A.005A0B4C-85257C6A.005A6E20@notes.aero.org>:
> Low Sensitivity/Aerospace Internal Use Only
> 
> Working on a CentOS-6.5 server, running LTB Project's  slapd-2.4.38.
> 
> Someone suggested I implement a cn=admin,cn=config for a cn=config
setup. 
> (I don't know how to technically word that). 
> 
> 
> Anyway, I need to make TLS-related changes and was told to do the
> following command: 
> 
> ldapmodify  -x -D "cn=admin,cn=config"   -W  -d
256

Try "ldapmodify -ZZ -x -W -D cn=_your_admin_-v -f _your_ldif_file"

> 
> ...then at the blank line type the following, each on a single line:
> 
> Dn:                  
                  cn=config
> Changetype:                
    modify 
> Add:                  
                 olcTLSCipherSuite
> OlcTLSCipherSuite:        HIGH:MEDIUM+TLSv1+SSLv3
> <CTRL-D> 
> 
> 
> I have been getting an error reponse of: 
> ldap_result:  Can't contact LDAP server (-1) 
> 
> This __ONLY__ occurs after I hit <CTRL-D>, not before.  Yes,
the daemon, 
> slapd, is actually running, but after this failure it abruptly stops.
 I 
> know this because in a separate terminal on the same system, I am
running 
> a while-loop with a ps -e | grep slapd in it. 
> 
> 
> Please note the "-x" option according to the man page for
ldapmodify is 
> supposed to Use simple authentication instead of SASL. 
> 
> 
> Thank you all for your help, hopefully you can: 
> 
> 1) tell me what this error means, and 
> 2) how to fix my problem so that I can complete the olcTLSxxxx changes
I 
> need to implement. 
> 
> 
> 
> 
> 
> Warron French, MBA, SCSA
> The Aerospace Corporation
> Sr. UNIX SA & Storage Admin
> Mailstop:  CH1-230
> Desk: 571-307-5311
> Cell: 703-967-8936
> 
> 
> Low Sensitivity/Aerospace Internal Use Only






Low Sensitivity/Aerospace Internal Use Only