[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: any working documentation?



There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/ 
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html 

I would say try them all, get a feel for it and install/configure it for your needs.
Openldap is a great software with many really cool schemas to expand usage
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun! 

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <drjoms@gmail.com> wrote:

Please ignore last message.

Apparently I have 2 hands, but both are left hands.(freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd')

Can anyone suggest good book for administration of OpenLDAP on Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.

Thanks!

Dmitri

-------- Forwarded Message --------
Subject: any working documentation?
Date: Mon, 19 Aug 2019 20:26:28 +0100
From: Dmitri Seletski <drjoms@gmail.com>
To: openldap-technical@openldap.org


Hello.


I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:



TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.



Where can I submit errata to documentation maintainer?(as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri