Hi Abdelkader,

I have changed my ldap.conf file to the following:

    BASE dc=platalytics,dc=com
    URI ldaps://127.0.0.1
    TLS_REQCERT demand
    TLS_CACERT /etc/ldap/cacert.pem

It also works. Can you please verify whether it is the correct approach?

On Thu, Aug 20, 2015 at 11:36 PM, Aneela Saleem <aneela@platalytics.com> wrote:

Hi Abdelkader,

I tried the following link:
http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/

It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of SSL? As client FQDN is not checked in this againt.

On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 20/08/2015 18:23, Aneela Saleem wrote:

    55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"

On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <aneela@platalytics.com> wrote:

5/ Imports the new configuration

    slapadd -F /path/to/slapd.d -n 0 -l config.ldif

I get the following error:

    slapadd: could not add entry dn="cn=config" (line=1):
    _ 1.03% eta none elapsed none spd 4.2 M/s
    Closing DB...

On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 19/08/2015 20:32, Aneela Saleem wrote:

Anyone there? Please help me get out of this problem.

On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <aneela@platalytics.com> wrote:

This is my /etc/ldap/ldap.conf file:

    BASE dc=platalytics,dc=com
    URI ldap://127.0.0.1
    TLS_CACERT /etc/ldap/cacert.pem

On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <aneela@platalytics.com> wrote:

Still I get the following error:

    modifying entry "cn=config"
    ldap_result: Can't contact LDAP server (-1)

On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 18/08/2015 20:27, Aneela Saleem wrote:

I get the following result:

    ldap_initialize( ldap://localhost:389/??base )
    dn:cn=admin,cn=config
    Result: Success (0)

On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 18/08/2015 20:11, Aneela Saleem wrote:

When I add the file below, i.e. ssl_mod.ldif:

    dn: cn=config
    changetype: modify
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ldap/cacert.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ldap/servercrt.pem
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
    -
    add: olcTLSCipherSuite
    olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2

using the following command:

    ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif

I get the "ldap_result: Can't contact LDAP server (-1)" error, although LDAP is running. I can run the following command:

    ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"

How can I make ldaps work?

On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela@platalytics.com> wrote:

Where can I find the logs?

On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote:

I wrote the above lines in the olcDatabase={0}config.ldif file. When I restart slapd it fails.

On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote:

Which file do I need to write this in?

On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 18/08/2015 16:05, Aneela Saleem wrote:

I have no slapd.conf. I have cn=conf

On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 18/08/2015 15:51, Aneela Saleem wrote:

Thanks Michael and Abdelkader. Abdelkader, the link you provided is for the slapd.conf distribution. Can you please guide me on how to do the "cn=config" distribution?

On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote:

On 18/08/2015 15:41, Michael Ströder wrote:

Aneela Saleem wrote:

Can anyone please provide me some link for enabling "ldaps"

http://www.openldap.org/doc/admin24/tls.html

Ciao, Michael.

or http://www.openldap.org/faq/data/cache/185.html

regards

You can convert a slapd.conf to cn=config using slaptest

    slaptest -f path/to/slapd.conf -F path/to/slapd.d

    # cn=config
    dn: cn=config
    objectClass: olcGlobal
    cn: config
    ...
    olcTLSCACertificateFile: /path/to/cacert
    olcTLSCertificateFile: /path/to/cert
    olcTLSCertificateKeyFile: /path/to/key
    olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
    ...

Can you run

    ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389

Ok, retry the "ldapmodify" command using

    ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif

There is something wrong with your setup.

1/ Stops your instance
2/ Exports your configuration
       slapcat -F /path/to/slapd.d -n 0 -l config.ldif
3/ Performs the modification directly on config.ldif
4/ Removes the old configuration
       rm -rf /path/to/slapd.d/*
5/ Imports the new configuration
       slapadd -F /path/to/slapd.d -n 0 -l config.ldif
6/ Starts your instance

Did you remove the content of /path/to/slapd.d ?
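
Added example, not part of the original thread: a small Python check for the client-side question raised in the last two messages, comparing the three ldap.conf states that appear in the thread (plain ldap:// URI, "TLS_REQCERT never", and ldaps:// with "TLS_REQCERT demand"). The function names and severity labels are assumptions of this example, and the "never" sample is constructed from the setting named in the thread; the TLS_REQCERT levels follow ldap.conf(5), where "demand" is the default.

```python
"""Audit OpenLDAP client settings (ldap.conf) for weak TLS verification."""
import ipaddress
from urllib.parse import urlsplit

# TLS_REQCERT levels that let a session continue without a verified
# server certificate, as described in ldap.conf(5).
WEAK_REQCERT = {
    "never": "server certificate is not requested or checked",
    "allow": "a missing or bad server certificate is ignored",
    "try": "a missing server certificate is accepted",
}
STRICT_REQCERT = {"demand", "hard"}  # equivalent keywords


def parse_ldap_conf(text):
    """Return {KEYWORD: value}. Keywords are case-insensitive; '#' starts a comment line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit(text):
    """Return a list of (severity, message) findings for one ldap.conf."""
    cfg = parse_ldap_conf(text)
    findings = []
    for uri in cfg.get("URI", "").split():
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        if scheme == "ldap":
            findings.append(
                ("high", f"{uri}: cleartext unless the client requests StartTLS (-ZZ)"))
        elif scheme == "ldaps" and parts.hostname and is_ip_literal(parts.hostname):
            # With verification on, the name in the URI is matched against the certificate.
            findings.append(
                ("info", f"{uri}: server certificate must name this IP address"))
    level = cfg.get("TLS_REQCERT", "demand").lower()
    if level in WEAK_REQCERT:
        findings.append(("high", f"TLS_REQCERT {level}: {WEAK_REQCERT[level]}"))
    elif level not in STRICT_REQCERT:
        findings.append(("high", f"TLS_REQCERT {level}: unrecognised level"))
    if "TLS_CACERT" not in cfg and "TLS_CACERTDIR" not in cfg:
        findings.append(("warn", "no TLS_CACERT or TLS_CACERTDIR in this file"))
    return findings


def verdict(text):
    """'weak' if any high-severity finding is present, otherwise 'ok'."""
    return "weak" if any(sev == "high" for sev, _ in audit(text)) else "ok"


# ldap.conf as first posted in the thread.
ORIGINAL_CONF = """\
BASE dc=platalytics,dc=com
URI ldap://127.0.0.1
TLS_CACERT /etc/ldap/cacert.pem
"""

# Constructed sample: the "TLS_REQCERT never" setting questioned in the thread.
NEVER_CONF = """\
BASE dc=platalytics,dc=com
URI ldaps://127.0.0.1
TLS_REQCERT never
TLS_CACERT /etc/ldap/cacert.pem
"""

# ldap.conf from the last message of the thread.
FINAL_CONF = """\
BASE dc=platalytics,dc=com
URI ldaps://127.0.0.1
TLS_REQCERT demand
TLS_CACERT /etc/ldap/cacert.pem
"""

if __name__ == "__main__":
    samples = [("original", ORIGINAL_CONF), ("never", NEVER_CONF), ("final", FINAL_CONF)]
    for name, conf in samples:
        print(f"{name}: {verdict(conf)}")
        for severity, message in audit(conf):
            print(f"  [{severity}] {message}")
```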
On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ... Can you run ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389 Ok, retry the "ldapmodify" command using ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
I get following result ldap_initialize( ldap://localhost:389/??base ) dn:cn=admin,cn=config Result: Success (0) On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 20:11, Aneela Saleem wrote: When i add below file i.e., ssl_mod.ldif dn: cn=config changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ldap/cacert.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/servercrt.pem - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem - add: olcTLSCipherSuite olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 using following command: ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif i get ldap_result: Can't contact LDAP server (-1) error. Although LDAP is running. I can run following command i.e., ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*" How can i make ldaps work? On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela@platalytics.com> wrote: Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote: I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote: Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? 
On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ... Can you run ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
On 18/08/2015 20:11, Aneela Saleem wrote: When i add below file i.e., ssl_mod.ldif dn: cn=config changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ldap/cacert.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/servercrt.pem - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem - add: olcTLSCipherSuite olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 using following command: ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif i get ldap_result: Can't contact LDAP server (-1) error. Although LDAP is running. I can run following command i.e., ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*" How can i make ldaps work? On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela@platalytics.com> wrote: Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote: I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote: Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. 
or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ... Can you run ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
When i add below file i.e., ssl_mod.ldif dn: cn=config changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ldap/cacert.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/servercrt.pem - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem - add: olcTLSCipherSuite olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 using following command: ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif i get ldap_result: Can't contact LDAP server (-1) error. Although LDAP is running. I can run following command i.e., ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*" How can i make ldaps work? On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <aneela@platalytics.com> wrote: Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote: I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote: Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. 
or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...
Where i can find the logs? On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <aneela@platalytics.com> wrote: I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote: Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...
I wrote the above lines in olcDatabase={0}config.ldif file. When i restart slapd it gets failed. On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <aneela@platalytics.com> wrote: Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...
Which file i need to write this in? On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...
On 18/08/2015 16:05, Aneela Saleem wrote: I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d # cn=config dn: cn=config objectClass: olcGlobal cn: config ... olcTLSCACertificateFile: /path/to/cacert olcTLSCertificateFile: /path/to/cert olcTLSCertificateKeyFile: /path/to/key olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2 ...
I have no slapd.conf. I have cn=conf On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d
On 18/08/2015 15:51, Aneela Saleem wrote: Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards You can convert a slapd.conf to cn=config using slaptest slaptest -f path/to/slapd.conf -F path/to/slapd.d
Thanks Michael and Abdelkader. Abdelkaded the link you provided is for slapd.conf distribution. Can you please guide me how to do "cn=config" distribution? On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <a.chelouah@gmail.com> wrote: On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards
On 18/08/2015 15:41, Michael Ströder wrote: Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael. or http://www.openldap.org/faq/data/cache/185.html regards
Aneela Saleem wrote: Can anyone please provide me some link for enabling "ldaps" http://www.openldap.org/doc/admin24/tls.html Ciao, Michael.
Can anyone please provide me some link for enabling "ldaps"
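A pre-flight check for the mod_ssl.ldif change record quoted in this thread, as an added example that is not part of the original messages or of OpenLDAP: it parses the LDIF modify record and reports any olcTLS*File path that is missing, or a key file that other users can access, before the record is sent with ldapmodify. The function names and the `root` parameter are assumptions made for illustration.

```python
import os
import stat

# mod_ssl.ldif as quoted in the thread, embedded as sample input.
MOD_SSL_LDIF = """\
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
"""
FILE_ATTRS = {"olcTLSCACertificateFile", "olcTLSCertificateFile",
              "olcTLSCertificateKeyFile"}

def _split(line):
    key, sep, value = line.partition(":")
    if not sep or value[:1] in (":", "<"):   # base64 / URL values not handled here
        raise ValueError(f"unsupported LDIF line: {line!r}")
    return key.strip(), value.strip()

def parse_modify(ldif):
    """Parse one LDIF modify record into (dn, [(op, attr, [values]), ...])."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:     # folded line continues the previous one
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw.rstrip())
    (k1, dn), (k2, ctype) = _split(lines[0]), _split(lines[1])
    if (k1.lower(), k2.lower(), ctype) != ("dn", "changetype", "modify"):
        raise ValueError("expected 'dn:' followed by 'changetype: modify'")
    ops, current = [], None
    for line in lines[2:]:
        if line == "-":                       # "-" ends one modification
            current = None
            continue
        key, value = _split(line)
        if current is None:
            if key not in ("add", "replace", "delete"):
                raise ValueError(f"expected add/replace/delete, got {key!r}")
            current = (key, value, [])
            ops.append(current)
        elif key.lower() != current[1].lower():
            raise ValueError(f"{key!r} does not match '{current[0]}: {current[1]}'")
        else:
            current[2].append(value)
    return dn, ops

def preflight(ldif, root="/"):
    """List problems with the olcTLS*File paths; root is a test hook (assumption)."""
    dn, ops = parse_modify(ldif)
    problems = [] if dn == "cn=config" else [f"dn is {dn!r}, not cn=config"]
    for _op, attr, values in ops:
        for path in values if attr in FILE_ATTRS else []:
            real = os.path.join(root, path.lstrip("/"))
            if not os.path.isabs(path):
                problems.append(f"{attr}: {path} is not an absolute path")
            elif not os.path.isfile(real):
                problems.append(f"{attr}: {path} does not exist")
            elif attr.endswith("KeyFile") and stat.S_IMODE(os.stat(real).st_mode) & 0o007:
                problems.append(f"{attr}: {path} is accessible to other users")
    return problems

if __name__ == "__main__":
    for problem in preflight(MOD_SSL_LDIF) or ["no problems found"]:
        print(problem)
```

The check does not test whether the account slapd runs under can read the files, since that account differs between installations.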