any working documentation?
- To: openldap-technical@openldap.org
- Subject: any working documentation?
- From: Dmitri Seletski <drjoms@gmail.com>
- Date: Mon, 19 Aug 2019 20:26:28 +0100
- Content-language: en-US
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
Hello.
I am new to the list, so if you gonna beat me with your feet - please
don't hit me in the face.
I did not find a help/user list, so I am posting here.
Where can I find working documentation for OpenLDAP?
The most current I found:
https://www.openldap.org/doc/admin24/quickstart.html
It says nothing of TLS encryption. I fail to start the service.
See output below:
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.
Where can I submit errata to the documentation maintainer? (as the quick start
clearly doesn't work in my default install of OpenLDAP on CentOS 7)
And how can I start SLAPD without encryption?
I can generate a self-signed private/public key and make an ln -s of my CA
cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO
unnecessary, at least at the 'try out' step.
Thanks in advance,
Dmitri